Critical Security Vulnerabilities Found in Zoom Workplace Apps

Wed 14th May, 2025

Zoom Video Communications has reported the discovery of multiple security vulnerabilities within its Workplace Apps, with one flaw coming dangerously close to being classified as critical. The company has made available updated software versions to address these issues, urging IT administrators to promptly download and implement the updates.

The most severe vulnerability is a time-of-check to time-of-use (TOCTOU) race condition: the state of a component can change between the moment it is checked and the moment it is used. This vulnerability, tracked as CVE-2025-30663, poses a high risk (CVSS 8.8) because it allows authenticated users with local access to escalate their privileges. Zoom's security advisory does not specify which component is affected or the exact method by which the flaw can be exploited, but the potential for misuse remains significant.

These vulnerabilities affect various versions of the Zoom Workplace App across multiple platforms, including Android, iOS, Linux, macOS, and Windows, specifically those prior to version 6.4.0. The affected components also include the Workplace VDI Client for Windows (version 6.3.10, excluding versions 6.1.16 and 6.2.12), Rooms Controller, and Rooms Client, among others. Users are encouraged to visit Zoom's download portal to access the patched versions.
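For administrators triaging a fleet against the 6.4.0 threshold above, the following added example (not from Zoom or the original article) classifies rows of a software inventory. The CSV layout, hostnames and sample versions are constructed, and only the Workplace App threshold is encoded; every other product is reported as "unknown" for manual review against the advisory.

```python
import csv
import io
import re

# Fixed-version threshold taken from the article: Workplace App releases
# before 6.4.0 are affected. Other products are reported as "unknown" here.
FIXED = {"zoom workplace": (6, 4, 0)}

# Constructed sample inventory (hostnames, versions and layout are made up).
SAMPLE_INVENTORY = """host,platform,product,version
lap-001,Windows,Zoom Workplace,6.3.11 (12345)
lap-002,macOS,Zoom Workplace,6.4.0
lap-003,Linux,Zoom Workplace,6.10.2.771
lap-004,Windows,Zoom Workplace,unknown
vdi-001,Windows,Zoom Workplace VDI Client,6.2.12
"""


def parse_version(text):
    """Return the leading dotted version as a tuple of ints, or None."""
    match = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(product, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one inventory row."""
    fixed = FIXED.get(product.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # needs manual review against the vendor advisory
    # Compare numerically on major.minor.patch; a string comparison would
    # wrongly rank "6.10.2" below "6.4.0".
    padded = (version + (0, 0, 0))[:3]
    return "vulnerable" if padded < fixed else "patched"


def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["product"], row["version"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```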

In addition to the major vulnerability, Zoom has addressed several other security flaws within the Workplace Apps. These include:

  • Improper Neutralization of Special Elements (CVE-2025-30664) - Medium risk, CVSS 6.6
  • NULL Pointer Dereference in Zoom Workplace Apps for Windows (CVE-2025-30665 & CVE-2025-30666) - Medium risk, CVSS 6.5
  • NULL Pointer Dereference in Zoom Workplace Apps (CVE-2025-30667) - Medium risk, CVSS 6.5
  • Integer Underflow in Zoom Workplace Apps for Windows (CVE-2025-30668) - Medium risk, CVSS 6.5
  • Buffer Over-read in Zoom Workplace Apps for Windows (CVE-2025-46785) - Medium risk, CVSS 6.5

IT administrators are reminded of the importance of maintaining updated software to safeguard against potential attacks. The last significant update occurred in mid-March, addressing various high-risk vulnerabilities that had been identified in Zoom's software.

With the rise in remote work and digital communication, ensuring the security of videoconferencing platforms has become increasingly critical. Organizations using Zoom are advised to take immediate action to mitigate risks associated with these vulnerabilities.

