Warning: multiple high and medium vulnerabilities in Zoom Workplace apps that can lead to privilege escalation, patch immediately!

Published: 11/03/2025

Reference:
Advisory #2025-53

Version:
1.0

Affected software:
Zoom Workplace Desktop App for Windows/macOS/Linux/iOS/Android < 6.3.0
Zoom Workplace VDI Client for Windows < 6.2.12
Zoom Rooms Controller/Client for Windows/macOS/Linux/Android/iPad < 6.3.0
Zoom Meeting SDK for Windows/macOS/Linux/Android/iPad < 6.3.0
Zoom Workplace App/Meeting SDK for iOS < 6.3.0

Type:
Multiple vulnerabilities

CVE/CVSS:
CVE-2025-27439
CVSS 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVE-2025-27440
CVSS 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVE-2025-0151
CVSS 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVE-2025-0150
CVSS 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H)

CVE-2025-0149
CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Sources

Risks

On the 11th of March 2025, Zoom released five advisories about these five vulnerabilities (CVE-2025-27439, CVE-2025-27440, CVE-2025-0151, CVE-2025-0150, CVE-2025-0149) in the Zoom Workplace Apps for Desktop on all operating systems (Windows, macOS, Linux, iOS, Android), the Zoom Workplace VDI Client for Windows, the Zoom Rooms Controller and Client for all operating systems, and the Zoom Meeting SDK for all operating systems.

There are no historical events tied to these vulnerabilities. It is unknown if these vulnerabilities have been actively exploited.

A remote attacker could exploit all five vulnerabilities, without requiring high privileges, and could cause privilege escalation by using CVE-2025-27439, CVE-2025-27440 and/or CVE-2025-0151.

By exploiting CVE-2025-0150, a network-based attacker could cause Denial of Service (DoS).

CVE-2025-27439, CVE-2025-27440 and CVE-2025-0151 have a high impact on all aspects of the CIA triad (Confidentiality, Integrity, Availability).

CVE-2025-0150 has a low impact on Confidentiality, no impact on Integrity, and high impact on Availability.

CVE-2025-0149 has no impact on Confidentiality and a low impact on both Integrity and Availability.

Description

CVE-2025-27439:

A network-based attacker with low privileges can provide information to the buffer at a lower rate than it is being read, which causes buffer underflow. The threat actor can exploit this to escalate privileges.

CVE-2025-27440:

A previously authenticated threat actor can crash the program or force it into an infinite loop by overwriting a buffer in the heap portion of memory, which is most commonly allocated using malloc(). In this way, the network-based attacker can execute arbitrary code and elevate their privileges.

CVE-2025-0151:

An authenticated attacker with low privileges can gain admin access by exploiting a dangling pointer (use after free), which holds a reference to a freed memory location. This can allow the threat actor to execute arbitrary code.

CVE-2025-0150:

A network-based threat actor who has previously been authenticated can cause a Denial of Service by exploiting weaknesses that arise when processes and commands are executed in the wrong order.

CVE-2025-0149:

A threat actor without any privileges can launch a network attack with the aim of forcing the program to accept invalid data by exploiting a weakness in the verification of the origin or authenticity of the data. This can allow the attacker to make the program unavailable by conducting a Denial of Service attack.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
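
To prioritise patching, a software inventory can be checked against the fixed versions listed under "Affected software". The Python sketch below is an added example, not part of the CCB or Zoom advisories; the product family keys, hostnames and inventory rows are constructed, and version strings are assumed to be dotted numbers optionally followed by a build number.

```python
import re

# First fixed version per product family, taken from "Affected software" above.
# The short family keys are labels invented for this example.
FIXED = {
    "workplace-desktop": (6, 3, 0),   # Windows/macOS/Linux/iOS/Android
    "workplace-vdi": (6, 2, 12),      # Windows
    "rooms": (6, 3, 0),               # Rooms Controller/Client
    "meeting-sdk": (6, 3, 0),
}

def parse_version(text):
    """Return leading major.minor.patch as ints ('6.3.0 (52884)' -> (6, 3, 0)).

    Trailing build numbers are ignored; raises ValueError if no version found.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory):
    """Split (host, family, version) rows into vulnerable / ok / unknown."""
    result = {"vulnerable": [], "ok": [], "unknown": []}
    for host, family, version in inventory:
        try:
            fixed = FIXED[family]
            installed = parse_version(version)
        except (KeyError, ValueError):  # unknown product or unparsable version
            result["unknown"].append(host)
            continue
        # Tuples compare numerically, so 6.10.1 is correctly newer than 6.3.0
        bucket = "vulnerable" if installed < fixed else "ok"
        result[bucket].append(host)
    return result

# Constructed sample inventory (hostnames, versions and build numbers are made up).
SAMPLE = [
    ("ws-001", "workplace-desktop", "6.2.11.25670"),
    ("ws-002", "workplace-desktop", "6.3.0 (52884)"),
    ("vdi-01", "workplace-vdi", "6.2.10"),
    ("vdi-02", "workplace-vdi", "6.2.12"),
    ("room-7", "rooms", "6.10.1"),
    ("kiosk1", "meeting-sdk", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" need manual review rather than being treated as patched.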

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References