Wednesday, May 7, 2025

Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws


A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers to inject malicious scripts via cross-site scripting (XSS) flaws, posing risks to millions of users globally.

The medium-severity vulnerability, with a CVSS score of 4.6, enables unauthenticated attackers on adjacent networks to compromise meeting integrity by executing arbitrary code.

Zoom has released patches for affected desktop, mobile, and SDK versions, urging users to update immediately to mitigate exploitation risks.


XSS Flaws Exploit Network Proximity

The XSS vulnerability stems from improper input validation in Zoom’s chat and collaboration features. Attackers on the same network segment—such as public Wi-Fi or corporate intranets—can inject malicious scripts into meeting sessions.

These scripts may hijack user sessions, steal credentials, or distribute malware. Unlike traditional XSS attacks requiring user interaction, this flaw exploits Zoom’s handling of network data packets, allowing passive injection during active meetings.

Security analysts highlight that the adjacency requirement lowers the attack barrier, as attackers need only network access rather than authentication. This raises concerns for enterprises using Zoom in shared office environments or hybrid work setups.

The vulnerability affects Zoom Workplace Desktop Apps (Windows, macOS, Linux), mobile apps (iOS/Android), and SDK integrations, with older versions prior to 6.3.10 being particularly susceptible.

The primary vulnerabilities, CVE-2025-27441 and CVE-2025-27442, are rooted in insufficient sanitization of user-supplied input.

Attackers craft malicious payloads disguised as meeting metadata, which Zoom fails to validate, leading to script execution in victims’ clients.

A secondary flaw, CVE-2025-27443 (CVSS 2.8), involves insecure variable initialization in Windows apps, allowing authenticated users to manipulate local configurations.

Three additional CVEs (CVE-2025-30670, CVE-2025-30671 and CVE-2025-30672), each rated CVSS 5.4, are null pointer dereference bugs that let authenticated attackers crash Zoom processes via network requests.

While these denial-of-service flaws require higher privileges, they compound risks for organizations delaying patches.

Zoom’s security bulletin ZSB-25013 lists over 15 impacted products, including:

  • Zoom Workplace Desktop Apps (Windows/macOS/Linux) before 6.3.10.
  • Zoom Rooms Controllers/Clients (all OS) before 6.4.0.
  • Meeting SDKs (Windows/iOS/Android) before 6.3.10.

The company confirmed no active exploits but warned that proof-of-concept code could emerge rapidly, given the flaw’s simplicity. This mirrors past incidents, such as the 2020 credential-leakage vulnerability, where delayed patching led to widespread exploitation.

Mitigations

Zoom recommends updating to the latest versions via its download portal. IT teams should prioritize endpoints in multi-tenant environments, enforcing network segmentation and monitoring for anomalous meeting traffic.

Additionally, disabling automatic link previews in Zoom settings can reduce XSS attack surfaces.
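As an added example (not Zoom's code or part of the original article), the following script turns the "before X" thresholds from the ZSB-25013 product list above into an inventory triage: it parses installed version strings, flags anything below the fixed release for its product family, and lists hosts on shared networks first, since the flaw requires network adjacency. The inventory rows, hostnames and network labels are constructed sample data.

```python
"""Flag Zoom installs below the fixed versions named in ZSB-25013.

Constructed example: the inventory records are made up; the thresholds are
the 'before X' versions quoted from the bulletin list on this page.
"""
import re
from typing import Dict, List, Tuple

# Minimum fixed version per product family (from the bulletin as quoted above).
FIXED_VERSIONS: Dict[str, Tuple[int, ...]] = {
    "Zoom Workplace Desktop": (6, 3, 10),
    "Zoom Rooms": (6, 4, 0),
    "Zoom Meeting SDK": (6, 3, 10),
}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.3.10 (40405)' into (6, 3, 10); build tags after the release number are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    # Pad to three components so '6.4' compares as 6.4.0.
    return parts + (0,) * (3 - len(parts))

def is_vulnerable(product: str, version: str) -> bool:
    """True when the installed version is strictly below the fixed version for its product."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fixed-version threshold known for {product!r}")
    return parse_version(version) < FIXED_VERSIONS[product]

def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the rows that still need the ZSB-25013 update, most exposed first.

    Hosts on shared networks sort ahead of the rest because the XSS flaws
    only need an attacker on an adjacent network segment."""
    flagged = [row for row in inventory if is_vulnerable(row["product"], row["version"])]
    return sorted(flagged, key=lambda r: (r.get("network") != "shared", r["host"]))

# Constructed sample inventory (hostnames, versions and network labels are made up).
SAMPLE_INVENTORY = [
    {"host": "lt-042", "product": "Zoom Workplace Desktop", "version": "6.3.10 (40405)", "network": "corp"},
    {"host": "lt-017", "product": "Zoom Workplace Desktop", "version": "6.2.11", "network": "shared"},
    {"host": "room-3f", "product": "Zoom Rooms", "version": "6.3.5", "network": "corp"},
    {"host": "kiosk-1", "product": "Zoom Meeting SDK", "version": "6.4", "network": "shared"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<8} {row['product']:<24} {row['version']:<14} needs update ({row['network']})")
```

Feed it the product and version fields exported from your endpoint management tool; rows whose product family is not in the table raise rather than silently passing.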

This disclosure follows a March 2025 CERT-In advisory about a Zoom denial-of-service flaw (CVE-2025-0149) and aligns with historical patterns of memory-corruption vulnerabilities in the platform.

Threat actors have increasingly targeted collaboration tools, as seen in fake Zoom installers distributing BlackSuit ransomware and IcedID malware. These campaigns exploit user trust in legitimate software, underscoring the need for vigilant update practices.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
