Videoconferences: High-risk rights extension gaps in Zoom Workplace apps
Zoom reports several security vulnerabilities in the workplace apps of the video conferencing software. One narrowly misses out on "critical" status.
(Image: fizkes/Shutterstock.com)
The company Zoom has discovered several security vulnerabilities in the Workplace apps of the video conferencing software of the same name. The developers have provided updated software that seals these gaps. IT managers should download and install the updates quickly.
The most serious vulnerability stems from a race condition between the time a component is checked and the (later) time it is used (time-of-check/time-of-use, TOCTOU). Zoom does not explain in the security advisory which component is affected or how attackers can specifically abuse this. However, logged-in users with local access to the system can elevate their privileges as a result (CVE-2025-30663 / no EUVD yet, CVSS 8.8, risk "high").
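The advisory does not say which component is affected, so the following is an added, constructed illustration (not code from the article or from Zoom) of the general shape of a time-of-check/time-of-use bug on a file path and the standard way to close it. The `between_check_and_use` hook is a hypothetical parameter that stands in for the race window; in real code that window is just the gap between two system calls. The vulnerable variant checks a path name and then reopens the same name, so whatever the name refers to by then is what gets written. The hardened variant opens first without following symlinks and then verifies the object it actually holds via `fstat` on the descriptor, so there is no second name lookup to race.

```python
"""
Constructed TOCTOU illustration: check-then-use on a path name versus
acting on a file descriptor. Not related to any specific Zoom component.
Requires a POSIX platform (os.O_NOFOLLOW, symlinks).
"""
import os
import stat
import tempfile


def write_trusted_vulnerable(path: str, data: bytes, between_check_and_use=None) -> None:
    """Check-then-use pattern: the check is done on the path name, and the
    write reopens the same name later. Anything that changes what the name
    refers to in between (the window the hook simulates) goes unnoticed."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError(f"{path} is not a regular file")
    if between_check_and_use:
        between_check_and_use()          # hypothetical hook: simulated race window
    with open(path, "wb") as f:          # follows a symlink planted in the window
        f.write(data)


def write_trusted_hardened(path: str, data: bytes, between_check_and_use=None) -> None:
    """Open first, refusing to follow a symlink in the final component, then
    verify the object actually opened via fstat on the descriptor. The check
    and the write refer to the same open file, so there is no window.
    (O_NOFOLLOW covers only the last path component; directories on the path
    still need to be trusted or opened step by step with openat.)"""
    if between_check_and_use:
        between_check_and_use()          # hypothetical hook: same moment as above
    fd = os.open(path, os.O_WRONLY | os.O_NOFOLLOW)   # raises OSError (ELOOP) on a symlink
    try:
        st = os.fstat(fd)                # inspect the descriptor, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path} is not a regular file")
        os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Run both variants against a constructed swap in a temporary directory
    and report the outcome plus the final content of the 'sensitive' file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        sensitive = os.path.join(d, "sensitive.conf")   # constructed stand-in for a protected file
        for name, fn in (("vulnerable", write_trusted_vulnerable),
                         ("hardened", write_trusted_hardened)):
            with open(sensitive, "wb") as f:
                f.write(b"original\n")
            work = os.path.join(d, f"{name}.txt")        # the file the caller is allowed to write
            with open(work, "wb") as f:
                f.write(b"")

            def swap(work=work):
                # Simulates the checked file being replaced by a symlink to the
                # protected file during the race window.
                os.unlink(work)
                os.symlink(sensitive, work)

            try:
                fn(work, b"attacker controlled\n", between_check_and_use=swap)
                outcome = "write accepted"
            except OSError as e:
                outcome = f"refused: {type(e).__name__}"
            with open(sensitive, "rb") as f:
                results[name] = (outcome, f.read())
    return results


if __name__ == "__main__":
    for variant, (outcome, content) in demo().items():
        print(f"{variant:10s} {outcome:18s} sensitive.conf now contains {content!r}")
```

Running `demo()` shows the vulnerable variant silently overwriting the protected file while the hardened variant fails at `os.open` and leaves it untouched. The general lesson for a privilege-boundary component is the same whatever the resource: validate the handle you will use, not a name that can be re-pointed between the check and the use.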
The vulnerabilities affect the versions before the fixed releases: Zoom Workplace (Desktop) App for Android, iOS, Linux, macOS and Windows 6.4.0; Workplace VDI Client for Windows 6.3.10 (except for versions 6.1.16 and 6.2.12); Rooms Controller for Android, Linux, macOS and Windows 6.4.0; and Rooms Client for Android, iPad, macOS and Windows 6.4.0. They also affect the Zoom Meeting SDK for Android, iOS, Linux, macOS and Windows 6.4.0. Zoom provides the updated versions in its download portal.
Several more vulnerabilities in Zoom Workplace Apps
The developers have also addressed further security vulnerabilities in the Zoom Workplace apps. Updates are also available for these, which admins can use to secure their systems against attacks. These are the following security vulnerabilities in descending order of risk:
- Zoom Workplace Apps - Improper Neutralization of Special Elements, CVE-2025-30664 / no EUVD, CVSS 6.6, risk "medium"
- Zoom Workplace Apps for Windows - NULL Pointer Dereference, CVE-2025-30665 & CVE-2025-30666, CVSS 6.5, risk "medium"
- Zoom Workplace Apps - NULL Pointer Dereference, CVE-2025-30667, CVSS 6.5, risk "medium"
- Zoom Workplace Apps for Windows - Integer Underflow, CVE-2025-30668, CVSS 6.5, risk "medium"
- Zoom Workplace Apps for Windows - Buffer Over-read, CVE-2025-46785, CVSS 6.5, risk "medium"
IT admins with Zoom software in their networks last had to take action in mid-March, when updates sealed several security vulnerabilities, some of them high-risk.
(dmk)