April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Lumma Stealer Malware aka LummaC – Active IOCs
April 15, 2025Hackers Actively Exploiting Windows NTLM Spoofing Vulnerability to Compromise Systems – Active IOCs
April 16, 2025Lumma Stealer Malware aka LummaC – Active IOCs
April 15, 2025Hackers Actively Exploiting Windows NTLM Spoofing Vulnerability to Compromise Systems – Active IOCs
April 16, 2025
Severity
High
Analysis Summary
CVE-2025-30670 CVSS:6.5
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30671 CVSS:6.5
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30672 CVSS:6.5
Mite for Perl versions before 0.013000 has a vulnerability related to its code generation process. The software adds the current working directory ('.') to the @INC path, which is similar to the issue identified in CVE-2016-1238. This configuration allows an attacker who can place a malicious file in the current working directory to potentially replace legitimate files during loading. As a result, the vulnerability could enable arbitrary code execution. The security issue impacts both the Mite distribution itself and other distributions that include code generated by Mite.
CVE-2025-27443 CVSS:2.8
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.
CVE-2025-27441 CVSS:4.6
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
CVE-2025-27442 CVSS:4.6
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Impact
- Denial of Service
- Cross-Site Scripting
- Code Execution
Indicators of Compromise
CVE
- CVE-2025-30670
- CVE-2025-30671
- CVE-2025-30672
- CVE-2025-27443
- CVE-2025-27441
- CVE-2025-27442
Affected Vendors
Zoom
Affected Products
- Zoom Meeting SDK for Linux - 6.3.0
- Zoom Meeting SDK for macOS - 6.3.0
- Zoom Meeting SDK for Android - 6.3.0
- Zoom Meeting SDK for iOS - 6.3.10
- Zoom Meeting SDK for Windows - 6.3.10
- Zoom Rooms Client for iPad - 6.4.0
- Zoom Rooms Client for Android - 6.4.0
- Zoom Rooms Client for macOS - 6.4.0
- Zoom Rooms Controller for Android - 6.4.0
- Zoom Rooms Controller for Linux - 6.4.0
- Zoom Rooms Controller for macOS - 6.4.0
- Zoom Workplace VDI Client for Windows - 6.2.12 (except version 6.1.16)
- Zoom Workplace App for Android - 6.3.10
- Zoom Workplace App for iOS - 6.3.10
- Zoom Workplace Desktop App for Linux - 6.31.0
- Zoom Workplace Desktop App for macOS - 6.3.10
- Zoom Rooms Client for Windows before - 6.4.0
- Zoom Rooms Controller for Windows before - 6.4.0
- Zoom Workplace Desktop App for Windows - 6.3.10
Remediation
Refer to Zoom Security Advisory for patch, upgrade or suggested workaround information.
