Saturday, February 8, 2025
HomeCyber Security NewsZoom Security Update - Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges

Zoom Security Update – Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges

Published on

SIEM as a Service

Follow Us on Google News

Zoom Video Communications has released a critical security update addressing multiple vulnerabilities in its suite of applications, including a high-severity flaw that could allow attackers to escalate privileges.

The company urges users to update their software immediately to mitigate potential risks.

The most severe vulnerability, CVE-2025-0147, is a type confusion issue affecting the Zoom Workplace App for Linux versions prior to 6.2.10.

With a CVSS score of 8.8, this high-severity flaw could enable an authorized user to escalate privileges via network access.

The vulnerability also impacts the Zoom Meeting SDK and Video SDK for Linux. As a result of this, Zoom released a critical security update.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Other vulnerabilities

In addition to CVE-2025-0147, Zoom patched five other vulnerabilities of varying severity:-

  1. CVE-2025-0146: A low-severity symlink following vulnerability in the macOS installer for Zoom Workplace app (CVSS score: 3.9).
  2. CVE-2025-0145: A medium-severity untrusted search path issue in Windows installers for some Zoom Workplace Apps (CVSS score: 4.6).
  3. CVE-2025-0144: A low-severity out-of-bounds write vulnerability affecting multiple Zoom applications across various platforms (CVSS score: 3.1).
  4. CVE-2025-0143: A medium-severity out-of-bounds write vulnerability in the Linux version of Zoom Workplace App (CVSS score: 4.3).
  5. CVE-2025-0142: A medium-severity cleartext storage of sensitive information issue in the Zoom Jenkins bot plugin (CVSS score: 4.3).

These vulnerabilities affect a wide range of Zoom products, including Zoom Workplace Apps, Zoom Rooms Clients, Zoom Meeting SDKs, and Zoom Video SDKs across Windows, macOS, Linux, iOS, and Android platforms.

Zoom has credited several security researchers for reporting these vulnerabilities, including nahamsec, sim0nsecurity, shmoul, and members of Zoom’s own Offensive Security team.

This security update is one of the most important updates released by Zoom, as with this update it promptly applied the patches.

To protect against potential exploits, users are strongly advised to update their Zoom applications to the latest versions available at https://zoom.us/download.

By addressing these vulnerabilities, Zoom demonstrates its commitment to maintaining the security and integrity of its platform for millions of users worldwide.

Besides this, for the Zoom Jenkins bot plugin, users should update to version 1.6 or later from the Jenkins plugin repository.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...