Popular video conferencing service Zoom has resolved 5 security vulnerabilities (CVE-2025-0149, CVE-2025-0150, CVE-2025-0151, CVE-2025-27439, CVE-2025-27440) in Zoom products. A malicious actor could exploit some of these vulnerabilities to trigger elevation of privilege and denial of service condition on the targeted system. Issues affect:

• Zoom Workplace Desktop App for Windows before version 6.3.0;

• Zoom Workplace Desktop App for macOS before version 6.3.0;

• Zoom Workplace Desktop App for Linux before version 6.3.0;

• Zoom Workplace App for iOS before version 6.3.0;

• Zoom Workplace App for Android before version 6.3.0;

• Zoom Workplace VDI Client for Windows before version 6.2.12 (except version 6.1.16);

• Zoom Rooms Controller for Windows before version 6.3.0;

• Zoom Rooms Controller for macOS before version 6.3.0;

• Zoom Rooms Controller for Linux before version 6.3.0;

• Zoom Rooms Controller for Android before version 6.3.0;

• Zoom Rooms Client for Windows before version 6.3.0;

• Zoom Rooms Client for macOS before version 6.3.0;

• Zoom Rooms Client for Android before version 6.3.0;

• Zoom Rooms Client for iPad before version 6.3.0;

• Zoom Meeting SDK for Windows before version 6.3.0;

• Zoom Meeting SDK for iOS before version 6.3.0;

• Zoom Meeting SDK for Android before version 6.3.0;

• Zoom Meeting SDK for macOS before version 6.3.0;

• Zoom Meeting SDK for Linux before version 6.3.0.

More information on vulnerabilities and updates is available in Zoom security bulletins – zoom.us