Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows and macOS.
The patches cover one high-severity flaw and several medium-severity issues, prompting a strong recommendation for users to update their applications immediately to safeguard against potential exploits.
The most significant vulnerability fixed in this update is a high-severity “Missing Authorization” flaw, identified as CVE-2025-49459, affecting Zoom Workplace for Windows on ARM.
This type of vulnerability could potentially allow an attacker to perform actions they are not authorized to do, leading to a compromise of the application’s security.
Flaws in Windows and macOS Clients
Several medium-severity vulnerabilities were also addressed. Two of these specifically impact Zoom Workplace Clients for Windows:
- CVE-2025-58135: An “Improper Action Enforcement” vulnerability.
- CVE-2025-58134: An “Incorrect Authorization” issue, which could allow users to exceed their permitted access levels.
The security bulletin also detailed other medium-severity vulnerabilities affecting a broader range of Zoom Workplace clients:
- CVE-2025-49458: A “Buffer Overflow” vulnerability, which could lead to arbitrary code execution.
- CVE-2025-49460: An “Argument Injection” flaw, where attackers could potentially manipulate the application’s behavior by inserting malicious arguments.
- CVE-2025-49461: A “Cross-site Scripting” (XSS) vulnerability, which might allow an attacker to inject malicious scripts into web pages viewed by users.
Additionally, a “Race Condition” vulnerability (CVE-2025-58131) was patched in the Zoom Workplace VDI Plugin for macOS Universal installer for VMware Horizon. Race conditions can lead to unpredictable behavior, including denial of service or privilege escalation.
Zoom consistently advises users to update their software to the latest version to receive the most recent security fixes and improvements.
This latest batch of patches comes a month after Zoom addressed a critical vulnerability, CVE-2025-49457, an untrusted search path flaw in its Windows clients that could allow for privilege escalation.
That vulnerability, with a CVSS score of 9.6, highlighted the significant risks associated with outdated client versions, as it could enable an unauthenticated attacker to gain elevated privileges over a network.
Given the continuous discovery of security flaws, from critical to medium severity, it is crucial for both individual users and organizations to apply these updates promptly.
Delaying updates can leave systems exposed to a variety of attacks, including data exfiltration, denial of service, and full system compromise. Users can find the latest versions of the Zoom software on the company’s official website and through the application’s update channels.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
