
Zoom Communications, Inc. has recently released security advisories addressing multiple vulnerabilities affecting various Zoom Workplace Apps and Zoom Meeting SDKs. These vulnerabilities range in severity from medium to high and could allow authenticated or even unprivileged users to escalate privileges or conduct denial-of-service attacks.
One of the critical vulnerabilities, identified as CVE-2025-27440, involves a heap overflow issue that could allow an authenticated user to escalate privileges via network access. This vulnerability, with a CVSS score of 8.5, affects a wide range of Zoom products, including desktop apps for Windows, macOS, and Linux, as well as mobile apps for iOS and Android.
Another high-severity vulnerability, CVE-2025-27439, is a buffer underflow issue that could also lead to privilege escalation. Similar to the heap overflow vulnerability, it affects various Zoom Workplace Apps and has a CVSS score of 8.5.
A third vulnerability, tracked as CVE-2025-0151, is a use-after-free vulnerability that could also allow for privilege escalation via network access. This vulnerability, with a CVSS score of 8.5, affects a similar range of Zoom products as the previous two vulnerabilities.
In addition to these critical vulnerabilities, Zoom has also addressed a denial-of-service vulnerability (CVE-2025-0150) specific to iOS, caused by an incorrect behavior order. This vulnerability has a CVSS score of 7.1.
Finally, a medium-severity vulnerability (CVE-2025-0149) related to insufficient verification of data authenticity could allow an unprivileged user to conduct a denial-of-service attack. This vulnerability has a CVSS score of 6.5 and affects a wide range of Zoom products.
Zoom has released updates to address these vulnerabilities and urges all users to apply the latest patches as soon as possible. Users can download the latest versions of the affected products from the official Zoom website.
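The advisories above give a CVE list, CVSS scores and one platform-specific case (CVE-2025-0150 only on iOS), which is what a patch-management team needs to prioritize rollout. The following is an added triage helper written for this summary; it is not Zoom's code and not taken from the advisories. It assumes a constructed host inventory of (hostname, platform, installed version) and a per-platform minimum fixed version; the fixed versions are not stated in the summary, so the values in the example are placeholders to be replaced with the versions from Zoom's own advisory. It also assumes that every CVE other than CVE-2025-0150 applies to all listed platforms, which is how the summary describes them.

```python
"""Triage helper for the Zoom advisories summarized above (added example, not Zoom's code)."""

# CVE -> CVSS score, exactly as listed in the summary above.
ADVISORIES = {
    "CVE-2025-27440": 8.5,  # heap overflow, privilege escalation
    "CVE-2025-27439": 8.5,  # buffer underflow, privilege escalation
    "CVE-2025-0151": 8.5,   # use-after-free, privilege escalation
    "CVE-2025-0150": 7.1,   # denial of service, iOS only
    "CVE-2025-0149": 6.5,   # insufficient verification of data authenticity, DoS
}

# CVEs restricted to one platform; everything else is assumed to apply to all platforms.
PLATFORM_ONLY = {"CVE-2025-0150": "ios"}


def parse_version(v: str) -> tuple:
    """Turn '6.2.5 (1234)' into (6, 2, 5) so versions compare numerically, not as strings."""
    core = (v.strip().split() or [""])[0]  # drop a build suffix such as '(1234)'
    parts = []
    for part in core.split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def applicable_cves(platform: str) -> list:
    """CVEs from the summary that apply to the given platform."""
    return [cve for cve in ADVISORIES
            if PLATFORM_ONLY.get(cve, platform) == platform]


def triage(hosts, min_fixed):
    """Return unpatched hosts, highest CVSS first, then by hostname.

    hosts: iterable of (hostname, platform, installed_version)
    min_fixed: {platform: minimum patched version} from the vendor advisory
    Hosts on a platform with no known fixed version are skipped rather than guessed.
    """
    findings = []
    for name, platform, version in hosts:
        required = min_fixed.get(platform)
        if required is None:
            continue
        if parse_version(version) < parse_version(required):
            cves = applicable_cves(platform)
            findings.append({
                "host": name,
                "platform": platform,
                "version": version,
                "cves": cves,
                "max_cvss": max(ADVISORIES[c] for c in cves),
            })
    findings.sort(key=lambda f: (-f["max_cvss"], f["host"]))
    return findings


# Constructed sample inventory; version numbers are illustrative only.
SAMPLE_HOSTS = [
    ("ws-01", "windows", "6.2.5 (1234)"),
    ("mac-02", "macos", "6.3.0"),
    ("phone-03", "ios", "6.2.0"),
    ("lnx-04", "linux", "6.3.1"),
]

# PLACEHOLDER fixed versions: replace with the minimum patched versions from Zoom's advisory.
PLACEHOLDER_MIN_FIXED = {p: "6.3.0" for p in ("windows", "macos", "linux", "ios", "android")}


def sample_triage():
    return triage(SAMPLE_HOSTS, PLACEHOLDER_MIN_FIXED)


if __name__ == "__main__":
    for f in sample_triage():
        print(f"{f['host']:10} {f['platform']:8} {f['version']:14} "
              f"max CVSS {f['max_cvss']}  {', '.join(f['cves'])}")
```

The numeric version parsing matters: comparing "6.10.0" against "6.9.0" as strings would wrongly report the newer build as older. Unknown platforms are skipped on purpose so the report never claims a host is patched when the fixed version was never supplied.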