Summary: Zoom Communications, Inc. has issued security advisories for multiple vulnerabilities across its Workplace Apps and Meeting SDKs, with severity levels ranging from medium to high. Notable vulnerabilities include several related to privilege escalation, with CVSS scores of 8.5, as well as a denial-of-service issue affecting iOS. Users are advised to update to the latest versions to mitigate the risks associated with these vulnerabilities.
Affected: Zoom Workplace Apps and Zoom Meeting SDKs
Keypoints:
- Critical vulnerability CVE-2025-27440 allows privilege escalation via a heap overflow issue, affecting multiple platforms.
- High-severity buffer underflow vulnerability CVE-2025-27439 also permits privilege escalation across Zoom products.
- Denial-of-service vulnerability CVE-2025-0150 impacts iOS users due to incorrect behavior order.
- All users are advised to apply the latest patches from the Zoom website.