Zoom Security Bulletin: Multiple CVEs including RCE, SSRF, and Auth Bypass in Clients

ZSB-25045: Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following - Severity: Medium - CVE: CVE-2025-30662 - Date Published: 11/11/2025 - Date Updated: 11/14/2025 ZSB-25048: Zoom Workplace Clients - Inefficient Regular Expression Complexity - Severity: High - CVE: CVE-2025-62484 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25047: Zoom Clients - Improper Removal of Sensitive Information - Severity: Medium - CVE: CVE-2025-62483 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25046: Zoom Workplace for Windows - Cross-site Scripting - Severity: Medium - CVE: CVE-2025-62482 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25044: Zoom Workplace Clients - Improper Certificate Validation - Severity: Medium - CVE: CVE-2025-30669 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25043: Zoom Workplace for Android - Improper Authorization Handling - Severity: High - CVE: CVE-2025-64741 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25042: Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature - Severity: High - CVE: CVE-2025-64740 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25041: Zoom Clients - External Control of File Name or Path - Severity: Medium - CVE: CVE-2025-64739 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25040: Zoom Workplace for macOS - External Control of File Name or Path - Severity: Medium - CVE: CVE-2025-64738 - Date Published: 11/11/2025 - Date Updated: 11/11/2025 ZSB-25015: Zoom Workplace Apps for Windows - Null Pointer Dereference - Severity: Medium - CVE: CVE-2025-30670, CVE-2025-30671 - Date Published: 04/08/2025 - Date Updated: 11/10/2025 ZSB-25039: Zoom Rooms Clients - Authentication Bypass - Severity: Medium - CVE: CVE-2025-58133 - Date Published: 10/14/2025 - Date Updated: 10/14/2025 ZSB-25038: Zoom Clients for Windows - Command Injection - Severity: Medium - CVE: CVE-2025-58132 - Date Published: 10/14/2025 - Date Updated: 10/14/2025 ZSB-25036: Zoom Workplace Clients for Windows - Improper Action Enforcement - Severity: Medium - CVE: CVE-2025-58135 - Date Published: 09/09/2025 - Date Updated: 09/24/2025 ZSB-25035: Zoom Workplace Clients for Windows - Incorrect Authorization - Severity: Medium - CVE: CVE-2025-58134 - Date Published: 09/09/2025 - Date Updated: 09/24/2025 ZSB-25034: Zoom Workplace Clients - Cross-site Scripting - Severity: Medium - CVE: CVE-2025-49461 - Date Published: 09/09/2025 - Date Updated: 09/24/2025 ZSB-25033: Zoom Workplace Clients - Uncontrolled Resource Consumption - Severity: Medium - CVE: CVE-2025-49460 - Date Published: 09/09/2025 - Date Updated: 09/24/2025 ZSB-25037: Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition - Severity: Medium - CVE: CVE-2025-58131 - Date Published: 09/09/2025 - Date Updated: 09/09/2025 ZSB-25032: Zoom Workplace for Windows on ARM - Missing Authorization - Severity: High - CVE: CVE-2025-49459 - Date Published: 09/09/2025 - Date Updated: 09/09/2025 ZSB-25031: Zoom Workplace Clients - Buffer Overflow - Severity: Medium - CVE: CVE-2025-49458 - Date Published: 09/09/2025 - Date Updated: 09/09/2025 ZSB-25030: Zoom Clients for Windows - Untrusted Search Path - Severity: Critical - CVE: CVE-2025-49457 - Date Published: 08/12/2025 - Date Updated: 08/14/2025

Goal Reached Thanks to every supporter — we hit 100%!

Zoom Security Bulletin: Multiple CVEs including RCE, SSRF, and Auth Bypass in Clients