Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS


Security Update Overview

Zoom has issued a security update to address multiple vulnerabilities within its software, including Zoom Workplace and clients for Windows and macOS.

The update remediates one high-severity flaw and several medium-severity issues. Users are advised to update their applications promptly to mitigate potential security risks.

High-Severity Vulnerability

The principal vulnerability, identified as CVE-2025-49459, is a high-severity “Missing Authorization” flaw affecting Zoom Workplace for Windows on ARM. This vulnerability could allow unauthorized actions, compromising application security.

Flaws in Windows and macOS Clients

Additional medium-severity vulnerabilities have been addressed in the update. Two specific issues affect Zoom Workplace Clients for Windows:

  • CVE-2025-58135: An “Improper Action Enforcement” vulnerability.
  • CVE-2025-58134: An “Incorrect Authorization” issue, potentially allowing users to exceed permitted access levels.

Further medium-severity vulnerabilities impacting various Zoom Workplace clients include:

  • CVE-2025-49458: A “Buffer Overflow” vulnerability, which could lead to arbitrary code execution.
  • CVE-2025-49460: An “Argument Injection” flaw, allowing potential manipulation of application behavior through malicious arguments.
  • CVE-2025-49461: A “Cross-site Scripting” (XSS) vulnerability that might permit script injection into web pages viewed by users.

An additional “Race Condition” vulnerability (CVE-2025-58131) was corrected in the Zoom Workplace VDI Plugin for macOS Universal installer for VMware Horizon. Race conditions may lead to unpredictable behavior, including denial of service or privilege escalation.

Zoom advises users to update their software regularly to receive the latest security fixes and improvements. Updates can be obtained from the company’s official website and through the application’s update channels.

For more details, please refer to the Zoom Security Bulletin.

Because new security flaws are discovered continuously, both individual users and organizations should apply these updates without delay. Failure to do so may leave systems vulnerable to a range of attacks, including data exfiltration, denial of service, and full system compromise.
