Zoom has released six security bulletins addressing several vulnerabilities across its product ecosystem, ranging in severity from low to high. These vulnerabilities affect various platforms, including Linux, Windows, macOS, and Android, and could lead to sensitive information disclosure, privilege escalation, denial of service (DoS), or loss of data integrity. Administrators and users are strongly encouraged to apply the latest updates to mitigate potential risks.
Zoom has released updates to address the following vulnerabilities:
- CVE-2025-0142: Cleartext storage of sensitive information in the Zoom Jenkins bot plugin (CVSS Score: 4.3)
- CVE-2025-0143: Out-of-bounds write in the Zoom Workplace App for Linux (CVSS Score: 4.3)
- CVE-2025-0144: Out-of-bounds write in some Zoom Workplace Apps (CVSS Score: 3.1)
- CVE-2025-0145: Untrusted search path in the installer for some Zoom Workplace Apps for Windows (CVSS Score: 4.6)
- CVE-2025-0146: Symlink following in the installer for Zoom Workplace app for macOS (CVSS Score: 3.9)
- CVE-2025-0147: Type confusion in the Zoom Workplace App for Linux (CVSS Score: 8.8)
The most critical vulnerability, CVE-2025-0147, is a type confusion flaw in the Zoom Workplace App for Linux that could allow an attacker to escalate privileges over the network. It carries a CVSS score of 8.8, rated high.
Zoom is urging all users to update their software to the latest versions as soon as possible. Users of the Zoom Jenkins bot plugin should update to version 1.6 or later. Users of the Zoom Workplace App for Linux should update to version 6.2.10 or later. Users of other Zoom products should also update to the latest versions.
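As an added example (not Zoom's own code or tooling), the following Python check compares installed component versions gathered from a fleet inventory against the fixed versions this advisory names (6.2.10 for the Linux Workplace App, 1.6 for the Jenkins bot plugin). The component keys, the inventory layout and the lenient handling of trailing build numbers are assumptions.

```python
"""Flag Zoom components still below the fixed versions named in the advisory.
Added example, not Zoom's tooling. Version strings are parsed leniently
because package managers and `zoom --version` may append build numbers or
suffixes (assumption)."""
import re

# Minimum fixed versions exactly as stated in the advisory text.
FIXED_VERSIONS = {
    "zoom-workplace-linux": "6.2.10",
    "zoom-jenkins-bot": "1.6",
}


def parse_version(text: str) -> tuple:
    """Return the leading dotted-numeric part of a version string as a tuple.
    '6.2.10.1234' -> (6, 2, 10, 1234); '6.2.9 (unknown)' -> (6, 2, 9)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def version_lt(a: tuple, b: tuple) -> bool:
    """Compare tuples after zero-padding the shorter one, so 6.2 < 6.2.10."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def needs_update(component: str, installed: str) -> bool:
    """True if the installed version is older than the fixed version."""
    return version_lt(parse_version(installed), parse_version(FIXED_VERSIONS[component]))


def triage(inventory: dict) -> dict:
    """Map {host: {component: version}} to {host: [components needing update]}."""
    return {host: [c for c, v in comps.items() if needs_update(c, v)]
            for host, comps in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory (e.g. from `dpkg-query -W zoom` or CI plugin lists).
    sample = {
        "build01": {"zoom-workplace-linux": "6.2.9.1234", "zoom-jenkins-bot": "1.5"},
        "dev-laptop": {"zoom-workplace-linux": "6.2.10.4321"},
        "ci-master": {"zoom-jenkins-bot": "1.6"},
    }
    for host, missing in triage(sample).items():
        print(host, "needs update:" if missing else "OK", ", ".join(missing))
```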