Zoom does not provide guidance on vulnerability impacts to individual customers due to a Zoom Security Bulletin or provide additional details about a vulnerability. We recommend users to update to the latest version of Zoom software in order to get the latest fixes and security improvements.
Security Bulletins
| ZSB | Title | Severity | CVE | Date Published | Date Updated |
|---|---|---|---|---|---|
| ZSB-26005 | Zoom Workplace for Windows - External Control of File Name or Path | Critical | CVE-2026-30903 | 03/10/2026 | 03/10/2026 |
| ZSB-26004 | Zoom Clients for Windows - Improper Privilege Management | High | CVE-2026-30902 | 03/10/2026 | 03/10/2026 |
| ZSB-26003 | Zoom Rooms for Windows - Improper Input Validation | High | CVE-2026-30901 | 03/10/2026 | 03/10/2026 |
| ZSB-26002 | Zoom Workplace Clients for Windows - Improper Check | High | CVE-2026-30900 | 03/10/2026 | 03/10/2026 |
| ZSB-26001 | Zoom Node Deployments - Command Injection | Critical | CVE-2026-22844 | 01/20/2026 | 01/20/2026 |
| ZSB-25051 | Zoom Rooms for macOS - External Control of File Name or Path | Medium | CVE-2025-67461 | 12/09/2025 | 12/09/2025 |
| ZSB-25050 | Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure | High | CVE-2025-67460 | 12/09/2025 | 12/09/2025 |
| ZSB-25047 | Zoom Clients - Improper Removal of Sensitive Information | Medium | CVE-2025-62483 | 11/11/2025 | 11/25/2025 |
| ZSB-25041 | Zoom Clients - External Control of File Name or Path | Medium | CVE-2025-64739 | 11/11/2025 | 11/25/2025 |
| ZSB-25045 | Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following | Medium | CVE-2025-30662 | 11/11/2025 | 11/14/2025 |
| ZSB-25048 | Zoom Workplace Clients - Inefficient Regular Expression Complexity | High | CVE-2025-62484 | 11/11/2025 | 11/11/2025 |
| ZSB-25046 | Zoom Workplace for Windows - Cross-site Scripting | Medium | CVE-2025-62482 | 11/11/2025 | 11/11/2025 |
| ZSB-25044 | Zoom Workplace Clients - Improper Certificate Validation | Medium | CVE-2025-30669 | 11/11/2025 | 11/11/2025 |
| ZSB-25043 | Zoom Workplace for Android - Improper Authorization Handling | High | CVE-2025-64741 | 11/11/2025 | 11/11/2025 |
| ZSB-25042 | Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature | High | CVE-2025-64740 | 11/11/2025 | 11/11/2025 |
| ZSB-25040 | Zoom Workplace for macOS - External Control of File Name or Path | Medium | CVE-2025-64738 | 11/11/2025 | 11/11/2025 |
| ZSB-25015 | Zoom Workplace Apps for Windows - Null Pointer Dereference | Medium | CVE-2025-30670, CVE-2025-30671 | 04/08/2025 | 11/10/2025 |
| ZSB-25039 | Zoom Rooms Clients - Authentication Bypass | Medium | CVE-2025-58133 | 10/14/2025 | 10/14/2025 |
| ZSB-25038 | Zoom Clients for Windows - Command Injection | Medium | CVE-2025-58132 | 10/14/2025 | 10/14/2025 |
| ZSB-25036 | Zoom Workplace Clients for Windows - Improper Action Enforcement | Medium | CVE-2025-58135 | 09/09/2025 | 09/24/2025 |
No results found.
The official text for Zoom Security Bulletins is English. Translations are provided for your convenience and Zoom does not make any promises, assurances, or guarantees as to the accuracy of these translations.