Zoom does not provide guidance on vulnerability impacts to individual customers due to a Zoom Security Bulletin or provide additional details about a vulnerability. We recommend users to update to the latest version of Zoom software in order to get the latest fixes and security improvements.
Security Bulletins
| ZSB | Title | Severity | CVE | Date Published | Date Updated |
|---|---|---|---|---|---|
| ZSB-25036 | Zoom Workplace Clients for Windows - Improper Action Enforcement | Medium | CVE-2025-58135 | 09/09/2025 | 09/12/2025 |
| ZSB-25033 | Zoom Workplace Clients - Uncontrolled Resource Consumption | Medium | CVE-2025-49460 | 09/09/2025 | 09/09/2025 |
| ZSB-25037 | Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition | Medium | CVE-2025-58131 | 09/09/2025 | 09/09/2025 |
| ZSB-25035 | Zoom Workplace Clients for Windows - Incorrect Authorization | Medium | CVE-2025-58134 | 09/09/2025 | 09/09/2025 |
| ZSB-25034 | Zoom Workplace Clients - Cross-site Scripting | Medium | CVE-2025-49461 | 09/09/2025 | 09/09/2025 |
| ZSB-25032 | Zoom Workplace for Windows on ARM - Missing Authorization | High | CVE-2025-49459 | 09/09/2025 | 09/09/2025 |
| ZSB-25031 | Zoom Workplace Clients - Buffer Overflow | Medium | CVE-2025-49458 | 09/09/2025 | 09/09/2025 |
| ZSB-25030 | Zoom Clients for Windows - Untrusted Search Path | Critical | CVE-2025-49457 | 08/12/2025 | 08/14/2025 |
| ZSB-25029 | Zoom Clients for Windows- Race Condition | Medium | CVE-2025-49456 | 08/12/2025 | 08/12/2025 |
| ZSB-25028 | Zoom Clients for Windows- Classic Buffer Overflow | Medium | CVE-2025-49465 | 07/08/2025 | 07/09/2025 |
| ZSB-25027 | Zoom Clients for macOS - Improper Authentication | Medium | CVE-2025-49464 | 07/08/2025 | 07/08/2025 |
| ZSB-25026 | Zoom Clients for iOS - Insufficient Control Flow Management | Medium | CVE-2025-49463 | 07/08/2025 | 07/08/2025 |
| ZSB-25025 | Zoom Clients - Cross-site Scripting | Low | CVE-2025-49462 | 07/08/2025 | 07/08/2025 |
| ZSB-25024 | Zoom Clients for Windows - Classic Buffer Overflow | Medium | CVE-2025-46789 | 07/08/2025 | 07/08/2025 |
| ZSB-25023 | Zoom Workplace for Linux - Improper Certificate Validation | High | CVE-2025-46788 | 07/08/2025 | 07/08/2025 |
| ZSB-25015 | Zoom Workplace Apps for Windows - Null Pointer Dereference | Medium | CVE-2025-30670, CVE-2025-30671, CVE-2025-30672 | 04/08/2025 | 05/14/2025 |
| ZSB-25020 | Zoom Workplace Apps - Integer Underflow | Medium | CVE-2025-30668 | 05/13/2025 | 05/13/2025 |
| ZSB-25022 | Zoom Workplace Apps - Improper Neutralization of Special Elements | Medium | CVE-2025-46786, CVE-2025-46787 | 05/13/2025 | 05/13/2025 |
| ZSB-25021 | Zoom Workplace Apps for Windows - Buffer Over-read | Medium | CVE-2025-46785 | 05/13/2025 | 05/13/2025 |
| ZSB-25019 | Zoom Workplace Apps - NULL Pointer Dereference | Medium | CVE-2025-30667 | 05/13/2025 | 05/13/2025 |
| ZSB-25018 | Zoom Workplace Apps for Windows - NULL Pointer Dereference | Medium | CVE-2025-30665, CVE-2025-30666 | 05/13/2025 | 05/13/2025 |
| ZSB-25017 | Zoom Workplace Apps - Improper Neutralization of Special Elements | Medium | CVE-2025-30664 | 05/13/2025 | 05/13/2025 |
| ZSB-25016 | Zoom Workplace Apps - Time-of-check Time-of-use | High | CVE-2025-30663 | 05/13/2025 | 05/13/2025 |
| ZSB-25014 | Zoom Workplace Apps for Windows - Insecure Default Variable Initialization | Low | CVE-2025-27443 | 04/08/2025 | 04/08/2025 |
| ZSB-25013 | Zoom Workplace Apps - Cross Site Scripting | Medium | CVE-2025-27441, CVE-2025-27442 | 04/08/2025 | 04/08/2025 |
| ZSB-25012 | Zoom Workplace Apps - Heap-based Buffer Overflow | High | CVE-2025-27440 | 03/11/2025 | 03/21/2025 |
| ZSB-25011 | Zoom Workplace Apps - Buffer Underflow | High | CVE-2025-27439 | 03/11/2025 | 03/21/2025 |
| ZSB-25010 | Zoom Workplace Apps - Use After Free | High | CVE-2025-0151 | 03/11/2025 | 03/21/2025 |
| ZSB-25008 | Zoom Workplace Apps - Insufficient Verification of Data Authenticity | Medium | CVE-2025-0149 | 03/11/2025 | 03/21/2025 |
| ZSB-25009 | Zoom Workplace Apps for iOS - Incorrect Behavior Order | High | CVE-2025-0150 | 03/11/2025 | 03/11/2025 |
| ZSB-25007 | Jenkins Marketplace Plugin - Missing Password Field Masking | Low | CVE-2025-0148 | 02/03/2025 | 02/03/2025 |
| ZSB-25001 | Zoom Jenkins bot plugin - Cleartext Storage of Sensitive Information | Medium | CVE-2025-0142 | 01/14/2025 | 01/30/2025 |
| ZSB-25006 | Zoom Workplace App for Linux - Type Confusion | High | CVE-2025-0147 | 01/14/2025 | 01/14/2025 |
| ZSB-25005 | Zoom Workplace app for macOS - Symlink Following | Low | CVE-2025-0146 | 01/14/2025 | 01/14/2025 |
| ZSB-25004 | Zoom Workplace Apps for Windows - Untrusted Search Path | Medium | CVE-2025-0145 | 01/14/2025 | 01/14/2025 |
| ZSB-25003 | Zoom Workplace Apps - Out-of-bounds Write | Low | CVE-2025-0144 | 01/14/2025 | 01/14/2025 |
| ZSB-25002 | Zoom Workplace Apps for Linux - Out-of-bounds Write | Medium | CVE-2025-0143 | 01/14/2025 | 01/14/2025 |
| ZSB-24035 | Zoom Workplace Desktop App for Linux - Improper Input Validation | Medium | CVE-2024-42433 | 08/13/2024 | 12/03/2024 |
| ZSB-24044 | Zoom Apps - Improper Input Validation | Medium | CVE-2024-45422 | 11/12/2024 | 11/12/2024 |
| ZSB-24043 | Zoom Apps - Buffer Overflow | High | CVE-2024-45421 | 11/12/2024 | 11/12/2024 |
No results found.
The official text for Zoom Security Bulletins is English. Translations are provided for your convenience and Zoom does not make any promises, assurances, or guarantees as to the accuracy of these translations.