- 244/2025
- High
Zoom has released a security update to fix multiple vulnerabilities in Zoom Client for Windows, macOS, Linux, and Android.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, or gain elevated privileges to the affected system.
Sample of the addressed vulnerabilities:
1. Zoom Workplace Clients-Inefficient Regular Expression Complexity Vulnerability (CVE-2025-62484):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privilege
2. Zoom Workplace VDI Plugin macOS Universal Installer Information Disclosure Vulnerability (CVE-2025-30662):
- CVSS: 6.6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Obtain Information
Sample of the affected products:
- Zoom Workplace for macOS before version 6.5.10.
- Zoom Rooms Controller for Windows before version 6.5.10.
- Zoom Workplace VDI Client for Windows before versions 6.3.14, 6.4.12, and 6.5.10.
Vulnerabilities
- CVE-2025-62484
- CVE-2025-62483
- CVE-2025-64740
- CVE-2025-64739
- CVE-2025-62482
- CVE-2025-30662
- CVE-2025-30669
- CVE-2025-64741
- CVE-2025-64738
- CVE-2025-58132
- CVE-2025-58133
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.