
Zoom Issues Urgent Patch for High-Risk Vulnerabilities
Recent security vulnerabilities in Zoom Workplace Apps and SDKs, including heap-based buffer overflow CVE-2025-27440, buffer underflow CVE-2025-27439, use-after-free CVE-2025-0151, and incorrect behavior order CVE-2025-0150, pose significant risks to users. These flaws could allow remote attackers to execute arbitrary code, escalate privileges, or cause denial-of-service (DoS) conditions. Zoom has released security updates to address these issues.
Technical Description
The identified vulnerabilities stem from improper memory management within Zoom’s applications and SDKs.

CVE-2025-27440 is a heap-based buffer overflow, which occurs when excessive data is written beyond allocated memory. Attackers can exploit this flaw by injecting specially crafted data packets into Zoom’s processing functions. This can overwrite critical memory areas, leading to arbitrary code execution and enabling remote code execution (RCE).

CVE-2025-27439 is a buffer underflow, which occurs when a program reads data before the start of an allocated buffer due to improper memory boundary checks. In Zoom, an incorrectly handled function allows an attacker to retrieve unintended memory contents. This could expose sensitive user information or cause the application to crash due to illegal memory access.

CVE-2025-0151 is a use-after-free (UAF) vulnerability, which occurs when a program continues to use a memory pointer after the memory has already been freed. In Zoom, a specific function does not properly clear references to freed memory, allowing attackers to manipulate or corrupt the program’s execution flow.

CVE-2025-0150 is an incorrect behavior order vulnerability, where program operations execute out of sequence and bypass security checks. In Zoom, this flaw occurs when authentication and access control mechanisms are improperly ordered, allowing unauthorized actions to be performed before necessary validations are completed.
Impact
If exploited, these vulnerabilities could have severe security implications. The heap-based buffer overflow and use-after-free vulnerabilities could enable attackers to execute arbitrary code remotely, potentially allowing full system compromise. The buffer underflow issue could result in the unintended exposure of sensitive memory contents, leading to data leakage or unauthorized access. Additionally, the incorrect behavior order flaw could bypass security controls, granting unauthorized privileges or access to protected resources. Beyond security risks, exploitation of these flaws could lead to denial-of-service (DoS) conditions, causing application crashes and disrupting essential communication and business operations.
IOC and Context Details
Topics | Details |
---|---|
Tactic Name | Execution / Privilege Escalation / Impact |
Technique Name | Memory Corruption / Buffer Overflow / Use-After-Free |
Sub Technique Name | Heap-Based Overflow / Buffer Underflow |
Attack Type | Remote Code Execution (RCE) / Denial-of-Service (DoS) |
Targeted Applications | Zoom Workplace Apps, Zoom Meeting SDKs |
Region Impacted | Global |
Industry Impacted | All |
IOCs | NA |
CVE | CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, CVE-2025-0150 |
Recommended Actions
Users and organizations running versions prior to 6.3.0 are affected by these vulnerabilities. To mitigate the risks, they should apply security updates immediately: Zoom has released patches addressing these vulnerabilities. Ensure all Zoom Workplace Apps, Meeting SDKs, and related software are updated to the latest version.
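
To find installs that still need the update, the sketch below audits a software inventory against the 6.3.0 threshold stated above. It is an added example, not Zoom tooling or code from this advisory; the CSV layout, hostnames and version strings are constructed, and the function names are hypothetical.

```python
import re

FIXED = (6, 3, 0)  # threshold from the advisory text: versions prior to 6.3.0 are affected

# Constructed inventory sample (hostname, product, reported version); not real data.
SAMPLE_INVENTORY = """\
ws-014,Zoom Workplace,6.2.11 (12345)
ws-022,Zoom Workplace,6.3.0 (52884)
ws-031,Zoom Meeting SDK,6.1.5
ws-040,Zoom Workplace,6.10.1
ws-057,Zoom Workplace,unknown
ws-063,Slack,4.36.140
"""

def parse_version(text):
    """Return (major, minor, patch), or None if there is no dotted version."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def audit(inventory_csv):
    """Classify each Zoom install as 'affected', 'patched' or 'review'."""
    results = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        if not product.lower().startswith("zoom"):
            continue  # the advisory covers Zoom Workplace Apps and SDKs only
        parsed = parse_version(version)
        if parsed is None:
            status = "review"    # unparseable version: never assume it is patched
        elif parsed < FIXED:     # numeric tuple compare, so 6.10.x sorts after 6.3.0
            status = "affected"
        else:
            status = "patched"
        results[host] = (product, version, status)
    return results

if __name__ == "__main__":
    for host, (product, version, status) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {product:18} {version:16} {status}")
```

Comparing parsed integer tuples rather than raw strings matters here: a plain string comparison would rank "6.10.1" below "6.3.0" and report a patched host as affected.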