Video conferencing app Zoom has issued a new update alert after fixing multiple vulnerabilities affecting its Workplace apps.
The fixes affect Zoom Workplace apps across various platforms, including Windows, macOS, Linux, iOS and Android. The worst issue is a flaw tracked as CVE-2025-30663, which is ranked as having a high severity, according to Zoom’s security bulletin.
The Zoom flaw is a time-of-check to time-of-use (TOCTOU) issue. This could, in theory, allow an attacker to modify or replace a file in the gap between the app checking it and the app using it.
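To show what a time-of-check to time-of-use gap looks like in code, here is an added example (not Zoom's code and not taken from its bulletin) that puts the check-then-open pattern beside a hardened form that opens once and checks the descriptor. It assumes a POSIX system; the function names, the `gap_hook` callback and the temporary files are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*gap_hook)(const char *path); /* hypothetical: other activity during the gap */

/* Racy pattern: check the path, then open the path. Two lookups with a gap between. */
int open_racy(const char *path, uid_t owner, gap_hook gap) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner)
        return -1;
    if (gap) gap(path);              /* time passes between check and use */
    return open(path, O_RDONLY);     /* opens whatever the path names now */
}

/* Hardened pattern: open once, then check the object the descriptor refers to. */
int open_safe(const char *path, uid_t owner, gap_hook gap) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    if (gap) gap(path);              /* the path may change; the descriptor does not */
    return fd;
}

static char g_other[256];            /* constructed second file used by the hook */
static void swap_in_other(const char *path) { rename(g_other, path); }

/* Returns the first byte read: 't' = the file that was checked, 'o' = a different file. */
int demo(int hardened) {
    char dir[] = "/tmp/toctouXXXXXX", path[256], c = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/config", dir);
    snprintf(g_other, sizeof g_other, "%s/other", dir);
    FILE *f = fopen(path, "w"); if (!f) return -1; fputs("trusted", f); fclose(f);
    f = fopen(g_other, "w"); if (!f) return -1; fputs("other", f); fclose(f);
    int fd = (hardened ? open_safe : open_racy)(path, geteuid(), swap_in_other);
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = 0; close(fd); }
    unlink(path); rmdir(dir);
    return c;
}

int main(void) { printf("racy=%c hardened=%c\n", demo(0), demo(1)); return 0; }
```

`O_NOFOLLOW` only guards the final path component, so the directory holding the file should also be writable only by trusted users.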
The other vulnerabilities are ranked as having a medium severity. Among these, CVE-2025-30668 is an integer underflow issue in Zoom Workplace apps for Windows.
Meanwhile, CVE-2025-46785 is a buffer over-read issue in Zoom Workplace apps for Windows. CVE-2025-30665 and CVE-2025-30666 are NULL pointer dereference issues in Zoom Workplace apps for Windows.
None of the flaws are known to have been used in real-life attacks.
The Zoom patches come at a busy time for updates. Apple has issued iOS 18.5, fixing over 30 issues in its iPhone operating system, alongside other updates including iPadOS 17.7.7. Meanwhile, Microsoft’s Patch Tuesday addresses a number of important flaws.
Zoom Flaw Allows Attacker To Elevate Privileges
In total, there are nine Zoom flaws, the worst of which could allow an attacker to elevate privileges, says Erich Kron, security awareness advocate at KnowBe4.
“Given the number of people that use and rely on Zoom for their organizations’ day-to-day activities, this type of flaw could be very significant,” he says.
Since the pandemic, Zoom has remained a key communication tool for businesses globally. But as AI allows attackers to create fake images and videos, it’s difficult to know whether people are who they say they are.
Deepfake audio and video have already been an issue, and in this case having a Zoom meeting initiated from a legitimate account could be the difference between a person believing the caller and not believing them, says Kron.
Fortunately, exploiting the Zoom flaw in question is not something that can be done easily remotely, he says. This means physical access to your device is required, which is obviously much more difficult for an adversary. “However, it demonstrates what may be possible with other future vulnerabilities that could be remotely exploited,” Kron says.
The Zoom updates cover multiple apps, so it’s a good idea to check your devices now. If the updates are available, apply them as soon as you can to keep your Zoom apps safe.