Zoom Fixes High-risk Flaw In Latest Update


Zoom fixes multiple security bugs in Workplace Apps, including a high-risk flaw. Users are urged to update to the latest version released on May 13, 2025.

Zoom pushed out a batch of security fixes today, addressing multiple vulnerabilities across its Workplace Apps. One of them has been marked high severity, while the others are rated medium. The updates affect both general app versions and Windows-specific builds.

For anyone using Zoom in business or education settings, especially on Windows systems, these updates are worth attention.

What Was Fixed

The most important of the bunch is a time-of-check to time-of-use (TOCTOU) issue listed under CVE-2025-30663. This type of bug occurs when there’s a delay between a system checking if an action is safe and performing it. During that short window, attackers might interfere. This bug affects Zoom Workplace Apps broadly and was rated high severity.

The rest of the vulnerabilities carry medium severity ratings. Here’s a quick breakdown:
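The check-then-use gap described above, shown on a POSIX file read as an added illustration. This is not Zoom's code and does not describe where CVE-2025-30663 sits; the file names, the function names and the in-process `swap_for_symlink` stand-in for a concurrent process are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for another process acting inside the race window. */
static void swap_for_symlink(void) {
    if (unlink("report.txt") || symlink("secret.txt", "report.txt")) perror("swap");
}
static int put(const char *name, const char *text) {
    FILE *f = fopen(name, "w");
    return f && fputs(text, f) >= 0 && fclose(f) == 0;
}
/* Weak: lstat (check) and open (use) are separate lookups of the same name. */
ssize_t read_check_then_use(const char *path, char *buf, size_t n) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* check */
    swap_for_symlink();                                           /* window */
    int fd = open(path, O_RDONLY);                                /* use */
    if (fd < 0) return -1;
    ssize_t got = read(fd, buf, n);
    close(fd);
    return got;
}

/* Hardened: open once with O_NOFOLLOW, then check the descriptor with fstat. */
ssize_t read_open_then_check(const char *path, char *buf, size_t n) {
    struct stat st;
    swap_for_symlink();                     /* same interference as above */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;                  /* ELOOP: name is now a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    ssize_t got = read(fd, buf, n);
    close(fd);
    return got;
}
/* Returns 1 if the reader handed back secret.txt's contents, 0 if not. */
int leaks_secret(ssize_t (*reader)(const char *, char *, size_t)) {
    char dir[] = "/tmp/toctou-XXXXXX", buf[32] = {0};
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    if (!put("report.txt", "public") || !put("secret.txt", "SECRET")) return -1;
    return reader("report.txt", buf, sizeof buf - 1) > 0 && !strcmp(buf, "SECRET");
}
int main(void) {
    printf("check-then-use leaks: %d\n", leaks_secret(read_check_then_use));
    printf("open-then-check leaks: %d\n", leaks_secret(read_open_then_check));
}
```

Each call to `leaks_secret` changes into a fresh scratch directory under `/tmp` and leaves it behind. In the hardened reader the check is made on the open descriptor, so a swap after the open would not change which file is read either.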

Improper Neutralization of Special Elements

  • Affects: All Workplace Apps
  • CVEs: CVE-2025-46786, CVE-2025-46787, CVE-2025-30664
  • Issue: These bugs involve the mishandling of user inputs, which could allow scripts or commands to be executed in unexpected ways.

Buffer Over-read

  • Affects: Windows versions
  • CVE: CVE-2025-46785
  • Issue: This bug could lead to the application reading more data than it should, risking exposure of sensitive data.

NULL Pointer Dereference

  • Affects: General and Windows-specific builds
  • CVEs: CVE-2025-30665, CVE-2025-30666, CVE-2025-30667, CVE-2025-30668
  • Issue: These can cause the app to crash by trying to access memory that hasn’t been set, which could be exploited in some edge cases.

All 7 bulletins were published today on Zoom’s official security bulletin page, with updates issued at the same time.

In a comment to Hackread.com, Jim Routh, Chief Trust Officer at Saviynt stated, “Cyber professionals are considering the need for deepfake detection and prevention impacting virtual meetings today. It turns out that the software defects/vulnerabilities announced recently in Zoom Workplace are far more critical at this time.”

“DoS and remote code execution vulnerabilities have the potential for significant business disruption with the potential for ransomware exploits,” he added. “Software resilience for enterprise software companies is achievable with more maturity in the development process to identify and remediate race conditions.”

Patch NOW

Zoom is widely used across industries, and bugs like these, combined with others, can be a massive security risk. While the technical details may not apply to everyday users, IT teams should treat this as a regular security maintenance window. Applying the patches quickly reduces the chance of these issues being exploited.

Therefore, if you use Zoom Workplace Apps, update now. The patches are live and available for download. Admins managing enterprise deployments should review their update pipelines to make sure these fixes are rolled out across all user endpoints.