
Zoom Security Update: Critical Patch Released for Multiple Vulnerabilities in Windows and macOS Clients

Zoom has released a critical security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows and macOS. The update fixes a high-severity flaw, identified as CVE-2025-49459, which is a “Missing Authorization” vulnerability affecting Zoom Workplace for Windows on ARM. This flaw could allow an attacker to perform unauthorised actions, compromising the application’s security. Additionally, several medium-severity vulnerabilities were patched, including CVE-2025-58135, an “Improper Action Enforcement” issue, and CVE-2025-58134, an “Incorrect Authorization” flaw that could enable users to exceed their permitted access levels. Other vulnerabilities addressed include CVE-2025-49458, a “Buffer Overflow” vulnerability, CVE-2025-49460, an “Argument Injection” flaw, and CVE-2025-49461, a “Cross-site Scripting” (XSS) vulnerability.

The update also fixed a “Race Condition” vulnerability (CVE-2025-58131) in the Zoom Workplace VDI Plugin for macOS Universal installer for VMware Horizon. Zoom consistently advises users to update their software to the latest version to ensure they receive the most recent security fixes and improvements. This update follows a previous patch for a critical vulnerability, CVE-2025-49457, which highlighted the risks associated with outdated client versions. Users are urged to apply these updates promptly to protect against potential attacks, including data exfiltration and denial of service. The latest versions of Zoom software can be found on the company’s official website and through the application’s update channels. 

Categories: Security Vulnerabilities, Software Updates, Application Security 

Tags: Zoom, Security Update, Vulnerabilities, High-Severity, Medium-Severity, CVE-2025-49459, Authorization, Buffer Overflow, Cross-site Scripting, Race Condition 
