Request a Demo
Rewterz
Lumma Stealer Malware aka LummaC – Active IOCs
April 15, 2025
Rewterz
RedLine Stealer – Active IOCs
April 16, 2025

Multiple Zoom Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-30670 CVSS:6.5

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVE-2025-30671 CVSS:6.5

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVE-2025-30672 CVSS:6.5

Mite for Perl versions before 0.013000 has a vulnerability related to its code generation process. The software adds the current working directory ('.') to the @INC path, which is similar to the issue identified in CVE-2016-1238. This configuration allows an attacker who can place a malicious file in the current working directory to potentially replace legitimate files during loading. As a result, the vulnerability could enable arbitrary code execution. The security issue impacts both the Mite distribution itself and other distributions that include code generated by Mite.

CVE-2025-27443 CVSS:2.8

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

CVE-2025-27441 CVSS:4.6

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

CVE-2025-27442 CVSS:4.6

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

Impact

  • Denial of Service
  • Cross-Site Scripting
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-30670
  • CVE-2025-30671
  • CVE-2025-30672
  • CVE-2025-27443
  • CVE-2025-27441
  • CVE-2025-27442

Affected Vendors

Zoom

Affected Products

  • Zoom Meeting SDK for Linux - 6.3.0
  • Zoom Meeting SDK for macOS - 6.3.0
  • Zoom Meeting SDK for Android - 6.3.0
  • Zoom Meeting SDK for iOS - 6.3.10
  • Zoom Meeting SDK for Windows - 6.3.10
  • Zoom Rooms Client for iPad - 6.4.0
  • Zoom Rooms Client for Android - 6.4.0
  • Zoom Rooms Client for macOS - 6.4.0
  • Zoom Rooms Controller for Android - 6.4.0
  • Zoom Rooms Controller for Linux - 6.4.0
  • Zoom Rooms Controller for macOS - 6.4.0
  • Zoom Workplace VDI Client for Windows - 6.2.12 (except version 6.1.16)
  • Zoom Workplace App for Android - 6.3.10
  • Zoom Workplace App for iOS - 6.3.10
  • Zoom Workplace Desktop App for Linux - 6.31.0
  • Zoom Workplace Desktop App for macOS - 6.3.10
  • Zoom Rooms Client for Windows before - 6.4.0
  • Zoom Rooms Controller for Windows before - 6.4.0
  • Zoom Workplace Desktop App for Windows - 6.3.10

Remediation

Refer to Zoom Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-30670

CVE-2025-30671

CVE-2025-30672

CVE-2025-27443

CVE-2025-27441

CVE-2025-27442