Summary: Zoom has announced the patching of five vulnerabilities in its applications, with four classified as ‘high severity.’ These vulnerabilities could lead to privilege escalation and denial of service attacks, mainly affecting Zoom Workplace, Rooms Controller, and Meeting SDK products prior to version 6.3.0. All vulnerabilities were identified by Zoom’s internal security team.
Affected: Zoom applications (Workplace, Rooms Controller, Rooms Client, Meeting SDK)
Key points:
- Four high-severity vulnerabilities identified as CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, and CVE-2025-0150.
- Three memory-related issues can be exploited for privilege escalation but require authentication.
- A medium-severity issue allows unprivileged users to launch denial of service (DoS) attacks.
- The fourth high-severity vulnerability can be exploited for DoS by an authenticated attacker in the Zoom Workplace app and Meeting SDK for iOS.
- All vulnerabilities were discovered internally by Zoom’s offensive security team.
Source: https://www.securityweek.com/zoom-patches-4-high-severity-vulnerabilities/