Zoom has released a security update addressing several flaws in its software, including Zoom Workplace and various Windows and macOS clients.
The update fixes one high-severity issue and several medium-severity vulnerabilities.
Users are strongly urged to install the latest version immediately to protect against possible exploits.
High-Severity “Missing Authorization” Flaw
The most critical issue fixed in this release is CVE-2025-49459, a Missing Authorization vulnerability in Zoom Workplace for Windows on ARM.
This flaw could allow an attacker to perform actions without proper permission, potentially compromising sensitive data or system integrity.
Exploiting this bug requires only that the attacker interact with a vulnerable client, making it especially urgent to apply the patch.
In addition to CVE-2025-49459, this update covers a series of medium-severity vulnerabilities. Zoom has corrected two authorization issues in its Windows Workplace Clients.
CVE-2025-58135 is an Improper Action Enforcement vulnerability, while CVE-2025-58134 is an Incorrect Authorization flaw.
Both bugs could enable users to exceed allowed access levels and perform restricted operations.
Other medium-severity issues include a Buffer Overflow (CVE-2025-49458) that might lead to arbitrary code execution, an Argument Injection vulnerability (CVE-2025-49460) that lets attackers manipulate application behavior by inserting malicious parameters, and a Cross-site Scripting (XSS) flaw (CVE-2025-49461) that could allow script injection into web pages viewed by users.
Furthermore, Zoom patched a Race Condition vulnerability (CVE-2025-58131) in its VMware Horizon VDI Plugin for macOS Universal installer. Race conditions can cause unpredictable application behavior, including denial of service or privilege escalation.
| CVE Identifier | Vulnerability Type | Affected Component | Severity |
|---|---|---|---|
| CVE-2025-49459 | Missing Authorization | Zoom Workplace for Windows on ARM | High |
| CVE-2025-58135 | Improper Action Enforcement | Zoom Workplace Client for Windows | Medium |
| CVE-2025-58134 | Incorrect Authorization | Zoom Workplace Client for Windows | Medium |
| CVE-2025-49458 | Buffer Overflow | Multiple Zoom Workplace Clients | Medium |
| CVE-2025-49460 | Argument Injection | Multiple Zoom Workplace Clients | Medium |
| CVE-2025-49461 | Cross-site Scripting (XSS) | Multiple Zoom Workplace Clients | Medium |
| CVE-2025-58131 | Race Condition | Zoom Workplace VDI Plugin for macOS | Medium |
Urgent Recommendation and Context
Zoom consistently advises users to apply updates as soon as they become available to receive the latest security fixes and performance improvements.
This update arrives just one month after Zoom patched CVE-2025-49457, an Untrusted Search Path flaw in its Windows clients.
That issue carried a CVSS score of 9.6 and could allow an unauthenticated attacker to escalate privileges on a targeted system.
The recurrence of high-impact vulnerabilities underscores the risks of running outdated software.
Delaying updates can leave both individual and enterprise environments exposed to a variety of attacks, including data exfiltration, denial of service, and full system compromise.
To ensure protection, users should download the latest Zoom Workplace installer or update through the application’s built-in update feature.
IT administrators can also deploy the patched client across their networks using standard software distribution tools. Keeping Zoom clients current is crucial to maintaining secure, reliable communications in both personal and professional settings.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The update fixes one high-severity issue and several medium-severity vulnerabilities. Users are strongly urged to install the latest version immediately){kind=link}