Video conferencing: Zoom plugs several security leaks in Workplace apps
There are security gaps in the Workplace apps and in Zoom's Jenkins plug-in. Updates to seal the leaks are available.
Smartphones as webcams in a web conference.
(Image: created with AI in Bing Designer by heise online / dmk)
Zoom has closed several security gaps in its web conferencing tools. One of these is considered high-risk. In addition, the Jenkins plug-in for app developers is affected by a vulnerability.
Zoom classifies a vulnerability in the Zoom Workplace app for Linux as the most serious. It is a “type confusion” flaw, in which the data types passed do not match those the program code expects; this can often lead to the execution of injected code. In this case, logged-in users can escalate their privileges via network access. However, Zoom does not explain exactly what an attack on the vulnerability would look like (CVE-2025-0147, CVSS 8.8, risk “high”).
Other security vulnerabilities
Zoom has also closed security vulnerabilities classified as medium risk in the Workplace apps for Linux and Windows. The vulnerability in Zoom's Jenkins plug-in shares the same threat level.
The developers have fixed the bugs in the versions
- Zoom Workplace App for Linux and macOS 6.2.10,
- Zoom Workplace App for Android, iOS and Windows 6.2.5,
- Zoom Workplace VDI Client for Windows 6.1.13,
- Zoom Rooms Client for macOS 6.2.10,
- Zoom Rooms Client for iPad and Windows 6.2.5,
- Zoom Rooms Controller for macOS 6.2.10,
- Zoom Rooms Controller for Android, Linux, and Windows 6.2.5,
- Zoom Meeting SDK for Linux and macOS 6.2.10,
- Zoom Meeting SDK for Android, iOS and Windows 6.2.5,
- Zoom Video SDK for Linux and macOS 6.2.10,
- Zoom Video SDK for Android, iOS and Windows 6.2.5,
- Zoom Jenkins Bot Plug-in 1.6
and newer. Zoom provides updated packages on the download page. The updated Jenkins plug-in, on the other hand, can be found on the Jenkins website. IT managers should ensure that the updates are applied promptly.
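To check a fleet against the list above, the following Python sketch is an added example (not code from Zoom or heise) that compares installed versions numerically, since a plain string comparison would rank 6.2.5 above 6.2.10. The inventory rows, the build-number suffix and the status labels are constructed assumptions; "outdated" only means older than the fixed release named above.

```python
import re
# Fixed releases copied from the list above: product -> {version: [platforms]}.
_TABLE = {
    "Zoom Workplace App": {"6.2.10": ["linux", "macos"], "6.2.5": ["android", "ios", "windows"]},
    "Zoom Workplace VDI Client": {"6.1.13": ["windows"]},
    "Zoom Rooms Client": {"6.2.10": ["macos"], "6.2.5": ["ipad", "windows"]},
    "Zoom Rooms Controller": {"6.2.10": ["macos"], "6.2.5": ["android", "linux", "windows"]},
    "Zoom Meeting SDK": {"6.2.10": ["linux", "macos"], "6.2.5": ["android", "ios", "windows"]},
    "Zoom Video SDK": {"6.2.10": ["linux", "macos"], "6.2.5": ["android", "ios", "windows"]},
    "Zoom Jenkins Bot Plug-in": {"1.6": ["any"]},
}
FIXED = {(prod.lower(), plat): ver
         for prod, vers in _TABLE.items()
         for ver, plats in vers.items() for plat in plats}

def parse_version(text):
    """Return the leading dotted-number version as a tuple, or None if absent."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_older(installed, fixed):
    """Numeric compare on the fixed version's components; extra build digits are ignored."""
    head = installed[:len(fixed)]
    head += (0,) * (len(fixed) - len(head))   # treat "6.2" as "6.2.0"
    return head < fixed

def check(product, platform, version):
    """Classify one inventory row as 'patched', 'outdated' or 'unknown'."""
    key = product.strip().lower()
    fixed = FIXED.get((key, platform.strip().lower())) or FIXED.get((key, "any"))
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"   # not in the list above, or unreadable version: review by hand
    return "outdated" if is_older(installed, parse_version(fixed)) else "patched"

# Constructed sample inventory (host names and versions are made up for illustration).
INVENTORY = [
    ("build-01", "Zoom Workplace App", "Linux", "6.2.5"),
    ("lap-17", "Zoom Workplace App", "Windows", "6.2.5 (12345)"),
    ("ci-02", "Zoom Jenkins Bot Plug-in", "any", "1.5"),
    ("room-3", "Zoom Rooms Client", "Linux", "6.2.0"),
]

def report(rows=INVENTORY):
    return {host: check(prod, plat, ver) for host, prod, plat, ver in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```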
The individual security notifications from Zoom, sorted by severity:
- Zoom Workplace App for Linux - Type Confusion CVE-2025-0147, CVSS 8.8, high
- Zoom Workplace Apps for Windows - Untrusted Search Path CVE-2025-0145, CVSS 4.6, medium
- Zoom Workplace Apps for Linux - Out-of-bounds Write CVE-2025-0143, CVSS 4.3, medium
- Zoom Jenkins bot plugin - Cleartext Storage of Sensitive Information CVE-2025-0142, CVSS 4.3, medium
- Zoom Workplace app for macOS - Symlink Following CVE-2025-0146, CVSS 3.9, low
- Zoom Workplace apps - Out-of-bounds write CVE-2025-0144, CVSS 3.1, low
Vulnerabilities are frequently found in the Zoom video conferencing software. Most recently, several security vulnerabilities were discovered in Zoom software in July last year. At that time, one of the vulnerabilities was also classified as high risk.
(dmk)