Severity
High
Analysis Summary
Zoom has released a new wave of security bulletins addressing multiple vulnerabilities across its Workplace applications for Android, Windows, macOS, and VDI clients. The disclosures include two high-severity and several medium-rated flaws, reflecting the ongoing security challenges faced by collaboration platforms widely used in hybrid work environments. The most critical vulnerabilities, ZSB-25043 and ZSB-25042, involve improper authorization handling and cryptographic verification issues. Specifically, CVE-2025-64741 in Zoom Workplace for Android could allow attackers to bypass access controls and perform unauthorized actions, such as joining meetings or accessing session data, while CVE-2025-64740 in the Windows VDI Client could allow tampered updates to be accepted or communications to be intercepted due to improper signature validation.
In addition to these, two medium-severity vulnerabilities — ZSB-25041 (CVE-2025-64739) and ZSB-25040 (CVE-2025-64738) — highlight path manipulation risks in various Zoom Clients and the macOS version, respectively. These flaws could allow adversaries to manipulate file paths or overwrite important files, leading to data leakage or potential code execution if chained with other exploits. Such vulnerabilities resemble traditional web-based path traversal issues but within desktop applications, underscoring the need for consistent input sanitization across all Zoom platforms.
Another advisory, ZSB-25015, updates an earlier April 2025 disclosure to include null pointer dereference vulnerabilities (CVE-2025-30670 and CVE-2025-30671) in Zoom Workplace Apps for Windows. Although these flaws do not permit remote code execution, they can cause application crashes and denial-of-service conditions, potentially impacting business continuity. This reiterates the importance of maintaining software reliability and addressing lower-severity flaws that could still disrupt enterprise workflows if exploited repeatedly.
Zoom strongly recommends that all users apply the latest updates immediately to mitigate these risks. While the company has not disclosed evidence of active exploitation, security experts caution that the combination of authorization bypass and signature verification flaws could be leveraged in chained attacks to escalate privileges or compromise enterprise networks. As the remote and hybrid work landscape continues to expand, organizations are urged to prioritize patch management, enable multi-factor authentication, and closely monitor their systems for abnormal activity. This series of updates continues Zoom’s 2025 trend of addressing critical vulnerabilities swiftly, reinforcing the need for proactive security measures in unified communication environments.
Impact
- Code Execution
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-64741
CVE-2025-64740
CVE-2025-64739
CVE-2025-64738
CVE-2025-30670
CVE-2025-30671
Affected Vendors
Remediation
- Update immediately to the latest versions of Zoom Workplace across Android, Windows, macOS, and VDI clients to patch all known vulnerabilities.
- Verify automatic updates are enabled to ensure timely patching of future security releases.
- Restrict application permissions on Android devices to minimize the impact of authorization bypass vulnerabilities.
- Validate software authenticity by downloading updates only from official Zoom sources to prevent tampered or malicious packages.
- Implement multi-factor authentication (MFA) to add an additional layer of security for user accounts.
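
The "validate software authenticity" step can be enforced before deployment by checking the Authenticode signature of each downloaded installer. The script below is an added example, not part of the Zoom bulletins; the staging folder and the expected publisher name are assumptions to confirm against a known-good installer.

```powershell
# Added example: reject Zoom installers whose Authenticode signature is missing,
# invalid, or issued to an unexpected publisher. Run on Windows before deployment.
param(
    [string]$StagingDir     = 'C:\Staging\Zoom',                  # hypothetical staging folder
    [string]$ExpectedSigner = 'Zoom Video Communications, Inc.'   # assumed publisher name
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedSigner)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) {
        # SimpleName returns the certificate's common name without X.500 quoting
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    [pscustomobject]@{
        File    = Split-Path -Path $Path -Leaf
        Status  = $sig.Status
        Signer  = $signer
        Sha256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        # Both conditions must hold: the signature chain validates on this host
        # AND the signer is the expected publisher (a valid signature from
        # someone else is still a rejection).
        Trusted = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedSigner)
    }
}

$results = @(Get-ChildItem -Path $StagingDir -Recurse -File -Include *.exe, *.msi |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName -ExpectedSigner $ExpectedSigner })

$results | Format-Table -AutoSize

$rejected = @($results | Where-Object { -not $_.Trusted })
if ($rejected.Count -gt 0) {
    Write-Warning "$($rejected.Count) installer(s) failed signature verification; do not deploy them."
    exit 1
}
Write-Output "All $($results.Count) installer(s) carry a valid signature from '$ExpectedSigner'."
```

The recorded SHA-256 values give a deployment log something to compare against later if a package is questioned.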