Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges
Zoom, the popular video conferencing platform, has addressed several vulnerabilities across its suite of applications, ranging from privilege escalation to denial-of-service risks. These vulnerabilities, identified with distinct CVE IDs, highlight the importance of timely updates to maintain user security. Below is an overview of the vulnerabilities and their implications. High-Severity Vulnerability: CVE-2025-0147 A critical vulnerability, […] The post Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges appeared first on Cyber Security News.
Zoom, the popular video conferencing platform, has addressed several vulnerabilities across its suite of applications, ranging from privilege escalation to denial-of-service risks.
These vulnerabilities, identified with distinct CVE IDs, highlight the importance of timely updates to maintain user security. Below is an overview of the vulnerabilities and their implications.
High-Severity Vulnerability: CVE-2025-0147
A critical vulnerability, CVE-2025-0147, was discovered in the Zoom Workplace App for Linux (versions prior to 6.2.10). This type confusion vulnerability could allow an attacker to escalate privileges via network access.
With a CVSS score of 8.8 (High), the flaw requires user interaction but poses significant risks due to its potential impact on confidentiality, integrity, and availability.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Affected Products:
- Zoom Workplace App for Linux (before 6.2.10)
- Zoom Meeting SDK for Linux (before 6.2.10)
- Zoom Video SDK for Linux (before 6.2.10)
Medium-Severity Vulnerabilities
- CVE-2025-0145
Found in the Windows installer of certain Zoom Workplace Apps, this vulnerability stems from an untrusted search path issue. It allows privilege escalation via local access and has a CVSS score of 4.6 (Medium).
- Zoom Workplace App for Windows (before 6.2.5)
- Zoom Workplace VDI Client for Windows (before 6.1.13, except 6.0.15)
- Various other Windows-based Zoom applications.
- CVE-2025-0143
This out-of-bounds write vulnerability in the Zoom Workplace App for Linux (prior to version 6.2.5) could permit denial-of-service attacks via network access by unauthorized users. It has a CVSS score of 4.3 (Medium).
- Zoom Workplace App for Linux (before 6.2.5)
- Zoom Meeting SDK and Video SDK for Linux (before 6.2.5)
- CVE-2025-0142
A medium-severity flaw in the Zoom Jenkins bot plugin (prior to version 1.6) involves cleartext storage of sensitive information, potentially allowing information disclosure via network access.
- Zoom Jenkins bot plugin (before version 1.6)
Low-Severity Vulnerabilities
- CVE-2025-0146
A symlink following issue in the macOS installer of the Zoom Workplace App could lead to denial-of-service attacks via local access by authenticated users. This vulnerability has a CVSS score of 3.9 (Low).
- Zoom Workplace App for macOS (before 6.2.10)
- Other macOS-based applications like Zoom Rooms Client and SDKs.
- CVE-2025-0144
An out-of-bounds write issue in multiple versions of the Zoom Workplace Apps across platforms may compromise data integrity via network access by authorized users.
- Multiple versions of Zoom Workplace Apps for Windows, macOS, Linux, iOS, and Android.
Zoom strongly advises all users to update their applications to the latest versions available on its official website or respective plugin repositories. These updates address the vulnerabilities and enhance overall security.
Users are encouraged to act promptly and ensure their systems are running the latest patched versions to mitigate potential threats effectively.
The post Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges appeared first on Cyber Security News.
