Warning: Multiple vulnerabilities in Zoom Workplace Apps. Patch Immediately!

Published: 15/05/2025
  • Last update: 15/05/2025
  • Affected software:
    → Zoom Workplace Apps, multiple versions
  • Type:
    → Several types, including privilege escalation and denial of service
  • CVE/CVSS: Zoom patched 7 vulnerabilities on 13 May 2025. In this release, 1 was rated high severity and 6 were rated medium.

Two vulnerabilities could lead to privilege escalation:
→ CVE-2025-30663: CVSS: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-30664: CVSS: 6.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Sources

https://www.zoom.com/en/trust/security-bulletin/zsb-25016/
https://www.zoom.com/en/trust/security-bulletin/zsb-25017/

Risks

On 13 May 2025, Zoom released an advisory addressing 9 vulnerabilities in Zoom Workplace Apps. Two vulnerabilities could be exploited for privilege escalation, the other 7 to trigger a denial of service.

Zoom is a popular tool for online meetings and conferencing. It had 192.600 business customers in 2024 and many private customers as well. Zoom Workplace Apps is the application used to join meetings and conferences. It is available in different versions for various operating systems (Windows, Mac, Linux) and device types (computer, phone).

Zoom is unaware of any active exploitation of these vulnerabilities (cut-off date: 15 May 2025).

Description

In its security release of 13 May 2025, Zoom addressed two vulnerabilities that could be exploited for privilege escalation:

  • CVE-2025-30663, a time-of-check time-of-use race condition affecting some Zoom Workplace Apps. If successfully exploited, an authenticated user could conduct an escalation of privilege via local access.
  • CVE-2025-30664 is an improper neutralization of special elements flaw affecting some Zoom Workplace Apps. Successful exploitation could allow an authenticated user to conduct an escalation of privilege via local access.

In the same release, Zoom published seven vulnerabilities that, if exploited, could trigger a denial of service:

  • CVE-2025-30665, CVE-2025-30666, and CVE-2025-30667 are all NULL pointer dereference flaws that may allow an authenticated user to conduct a denial of service via network access. These vulnerabilities affect some Zoom Workplace Apps for Windows operating systems.
  • CVE-2025-46785, a buffer over-read vulnerability which may allow an authenticated user to conduct a denial of service via network access. This vulnerability affects some Zoom Workplace Apps for Windows operating systems.
  • CVE-2025-46786 and CVE-2025-46787 are improper neutralization of special elements flaws in some Zoom Workplace Apps. Successful exploitation could allow an authenticated user to impact app integrity via network access.
  • CVE-2025-30668, an integer overflow flaw in some Zoom Workplace Apps, could be exploited to allow an authenticated user to conduct a denial of service via network access.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://www.zoom.com/en/trust/security-bulletin/?pageSize=20&page=3&sort=newestupdated