Governement warns of new security flaw in Zoom products: All the details

zoom

The Indian Computer Emergency Response Team (CERT-In) has issued a vulnerability note (CIVN-2025-0049) regarding a denial-of-service (DoS) vulnerability in multiple Zoom products. The flaw, tracked as CVE-2025-0149, affects various versions of Zoom Workplace, Zoom Rooms, and Zoom Meeting SDK across Windows, macOS, Linux, Android, and iOS.

The vulnerability impacts:

• Zoom Workplace Desktop App (Windows, macOS, Linux) before version 6.3.0

• Zoom Workplace App (iOS, Android) before version 6.3.0

• Zoom Workplace VDI Client (Windows) before version 6.2.10 (except 6.1.15)

• Zoom Rooms Controller (Windows, macOS, Linux, Android) before version 6.3.0

• Zoom Rooms Client (Windows, macOS, Android, iPad) before version 6.3.0

• Zoom Meeting SDK (Windows, iOS, Android, macOS, Linux) before version 6.3.0

The flaw arises due to insufficient verification of data authenticity in affected Zoom applications. This could allow an attacker to exploit network access and trigger a DoS condition, leading to service disruptions. An unprivileged user could send manipulated data packets, rendering the application unresponsive or unavailable.

• Disruption of Zoom meetings and communication services.

• Service unavailability for affected applications.

• Potential loss of productivity for businesses and users relying on Zoom.

CERT-In and Zoom recommends users update to the latest versions of the affected software to mitigate the risk. The security updates are available in Zoom’s Security Bulletin at:

https://www.zoom.com/en/trust/security-bulletin/zsb-25008/

Users are advised to apply the updates immediately to protect their systems. IT administrators should ensure all workplace devices running Zoom applications are patched to the latest versions. Keeping software up to date is critical to reducing exposure to security vulnerabilities.