Security Bulletins

Zoom does not provide guidance on vulnerability impacts to individual customers due to a Zoom Security Bulletin or provide additional details about a vulnerability. We recommend users to update to the latest version of Zoom software in order to get the latest fixes and security improvements.

ZSB	Title	Severity	CVE	Date Published	Date Updated
ZSB-26005	Zoom Workplace for Windows - External Control of File Name or Path	Critical	CVE-2026-30903	03/10/2026	03/10/2026
ZSB-26004	Zoom Clients for Windows - Improper Privilege Management	High	CVE-2026-30902	03/10/2026	03/10/2026
ZSB-26003	Zoom Rooms for Windows - Improper Input Validation	High	CVE-2026-30901	03/10/2026	03/10/2026
ZSB-26002	Zoom Workplace Clients for Windows - Improper Check	High	CVE-2026-30900	03/10/2026	03/10/2026
ZSB-26001	Zoom Node Deployments - Command Injection	Critical	CVE-2026-22844	01/20/2026	01/20/2026
ZSB-25051	Zoom Rooms for macOS - External Control of File Name or Path	Medium	CVE-2025-67461	12/09/2025	12/09/2025
ZSB-25050	Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure	High	CVE-2025-67460	12/09/2025	12/09/2025
ZSB-25047	Zoom Clients - Improper Removal of Sensitive Information	Medium	CVE-2025-62483	11/11/2025	11/25/2025
ZSB-25041	Zoom Clients - External Control of File Name or Path	Medium	CVE-2025-64739	11/11/2025	11/25/2025
ZSB-25045	Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following	Medium	CVE-2025-30662	11/11/2025	11/14/2025
ZSB-25048	Zoom Workplace Clients - Inefficient Regular Expression Complexity	High	CVE-2025-62484	11/11/2025	11/11/2025
ZSB-25046	Zoom Workplace for Windows - Cross-site Scripting	Medium	CVE-2025-62482	11/11/2025	11/11/2025
ZSB-25044	Zoom Workplace Clients - Improper Certificate Validation	Medium	CVE-2025-30669	11/11/2025	11/11/2025
ZSB-25043	Zoom Workplace for Android - Improper Authorization Handling	High	CVE-2025-64741	11/11/2025	11/11/2025
ZSB-25042	Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature	High	CVE-2025-64740	11/11/2025	11/11/2025
ZSB-25040	Zoom Workplace for macOS - External Control of File Name or Path	Medium	CVE-2025-64738	11/11/2025	11/11/2025
ZSB-25015	Zoom Workplace Apps for Windows - Null Pointer Dereference	Medium	CVE-2025-30670, CVE-2025-30671	04/08/2025	11/10/2025
ZSB-25039	Zoom Rooms Clients - Authentication Bypass	Medium	CVE-2025-58133	10/14/2025	10/14/2025
ZSB-25038	Zoom Clients for Windows - Command Injection	Medium	CVE-2025-58132	10/14/2025	10/14/2025
ZSB-25036	Zoom Workplace Clients for Windows - Improper Action Enforcement	Medium	CVE-2025-58135	09/09/2025	09/24/2025
ZSB-25035	Zoom Workplace Clients for Windows - Incorrect Authorization	Medium	CVE-2025-58134	09/09/2025	09/24/2025
ZSB-25034	Zoom Workplace Clients - Cross-site Scripting	Medium	CVE-2025-49461	09/09/2025	09/24/2025
ZSB-25033	Zoom Workplace Clients - Uncontrolled Resource Consumption	Medium	CVE-2025-49460	09/09/2025	09/24/2025
ZSB-25037	Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition	Medium	CVE-2025-58131	09/09/2025	09/09/2025
ZSB-25032	Zoom Workplace for Windows on ARM - Missing Authorization	High	CVE-2025-49459	09/09/2025	09/09/2025
ZSB-25031	Zoom Workplace Clients - Buffer Overflow	Medium	CVE-2025-49458	09/09/2025	09/09/2025
ZSB-25030	Zoom Clients for Windows - Untrusted Search Path	Critical	CVE-2025-49457	08/12/2025	08/14/2025
ZSB-25029	Zoom Clients for Windows- Race Condition	Medium	CVE-2025-49456	08/12/2025	08/12/2025
ZSB-25028	Zoom Clients for Windows- Classic Buffer Overflow	Medium	CVE-2025-49465	07/08/2025	07/09/2025
ZSB-25027	Zoom Clients for macOS - Improper Authentication	Medium	CVE-2025-49464	07/08/2025	07/08/2025
ZSB-25026	Zoom Clients for iOS - Insufficient Control Flow Management	Medium	CVE-2025-49463	07/08/2025	07/08/2025
ZSB-25025	Zoom Clients - Cross-site Scripting	Low	CVE-2025-49462	07/08/2025	07/08/2025
ZSB-25024	Zoom Clients for Windows - Classic Buffer Overflow	Medium	CVE-2025-46789	07/08/2025	07/08/2025
ZSB-25023	Zoom Workplace for Linux - Improper Certificate Validation	High	CVE-2025-46788	07/08/2025	07/08/2025
ZSB-25020	Zoom Workplace Apps - Integer Underflow	Medium	CVE-2025-30668	05/13/2025	05/13/2025
ZSB-25022	Zoom Workplace Apps - Improper Neutralization of Special Elements	Medium	CVE-2025-46786, CVE-2025-46787	05/13/2025	05/13/2025
ZSB-25021	Zoom Workplace Apps for Windows - Buffer Over-read	Medium	CVE-2025-46785	05/13/2025	05/13/2025
ZSB-25019	Zoom Workplace Apps - NULL Pointer Dereference	Medium	CVE-2025-30667	05/13/2025	05/13/2025
ZSB-25018	Zoom Workplace Apps for Windows - NULL Pointer Dereference	Medium	CVE-2025-30665, CVE-2025-30666	05/13/2025	05/13/2025
ZSB-25017	Zoom Workplace Apps - Improper Neutralization of Special Elements	Medium	CVE-2025-30664	05/13/2025	05/13/2025
ZSB-25016	Zoom Workplace Apps - Time-of-check Time-of-use	High	CVE-2025-30663	05/13/2025	05/13/2025
ZSB-25014	Zoom Workplace Apps for Windows - Insecure Default Variable Initialization	Low	CVE-2025-27443	04/08/2025	04/08/2025
ZSB-25013	Zoom Workplace Apps - Cross Site Scripting	Medium	CVE-2025-27441, CVE-2025-27442	04/08/2025	04/08/2025
ZSB-25012	Zoom Workplace Apps - Heap-based Buffer Overflow	High	CVE-2025-27440	03/11/2025	03/21/2025
ZSB-25011	Zoom Workplace Apps - Buffer Underflow	High	CVE-2025-27439	03/11/2025	03/21/2025
ZSB-25010	Zoom Workplace Apps - Use After Free	High	CVE-2025-0151	03/11/2025	03/21/2025
ZSB-25008	Zoom Workplace Apps - Insufficient Verification of Data Authenticity	Medium	CVE-2025-0149	03/11/2025	03/21/2025
ZSB-25009	Zoom Workplace Apps for iOS - Incorrect Behavior Order	High	CVE-2025-0150	03/11/2025	03/11/2025
ZSB-25007	Jenkins Marketplace Plugin - Missing Password Field Masking	Low	CVE-2025-0148	02/03/2025	02/03/2025
ZSB-25001	Zoom Jenkins bot plugin - Cleartext Storage of Sensitive Information	Medium	CVE-2025-0142	01/14/2025	01/30/2025
ZSB-25006	Zoom Workplace App for Linux - Type Confusion	High	CVE-2025-0147	01/14/2025	01/14/2025
ZSB-25005	Zoom Workplace app for macOS - Symlink Following	Low	CVE-2025-0146	01/14/2025	01/14/2025
ZSB-25004	Zoom Workplace Apps for Windows - Untrusted Search Path	Medium	CVE-2025-0145	01/14/2025	01/14/2025
ZSB-25003	Zoom Workplace Apps - Out-of-bounds Write	Low	CVE-2025-0144	01/14/2025	01/14/2025
ZSB-25002	Zoom Workplace Apps for Linux - Out-of-bounds Write	Medium	CVE-2025-0143	01/14/2025	01/14/2025
ZSB-24035	Zoom Workplace Desktop App for Linux - Improper Input Validation	Medium	CVE-2024-42433	08/13/2024	12/03/2024
ZSB-24044	Zoom Apps - Improper Input Validation	Medium	CVE-2024-45422	11/12/2024	11/12/2024
ZSB-24043	Zoom Apps - Buffer Overflow	High	CVE-2024-45421	11/12/2024	11/12/2024
ZSB-24042	Zoom Apps - Uncontrolled Resource Consumption	Medium	CVE-2024-45420	11/12/2024	11/12/2024
ZSB-24041	Zoom Apps - Improper Input Validation	High	CVE-2024-45419	11/12/2024	11/12/2024

No results found.

The official text for Zoom Security Bulletins is English. Translations are provided for your convenience and Zoom does not make any promises, assurances, or guarantees as to the accuracy of these translations.

Zoom Workplace

Business Services

By industry

By audience

Enterprise

For Developer

For partners

🚀 NEW My notes, your AI note taker

Security Bulletins

Security Bulletins

Subscribe for updates