Zoom fixes a number of security bugs in Workplace Apps, including a high-risk flaw. Users are urged to update to the latest version released on May 13, 2025.
Zoom pushed out a batch of security fixes today, addressing multiple vulnerabilities across its Workplace Apps. One of them has been marked high severity, while the others are rated medium. The updates affect both general app versions and Windows-specific builds.
For anyone using Zoom in business or education settings, especially on Windows systems, these updates are worth attention.
What Was Fixed
The most significant of the bunch is a time-of-check to time-of-use (TOCTOU) issue tracked as CVE-2025-30663. This type of bug occurs when there is a delay between a system checking whether an action is safe and actually performing it. During that short window, an attacker may interfere, so the action runs against something other than what was checked. This bug affects Zoom Workplace Apps broadly and was rated high severity.
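The check-then-use gap described above, as an added illustration of the TOCTOU class: it is not Zoom's code and says nothing about where CVE-2025-30663 actually sits. A file-open routine written check-then-use is placed beside the same routine written to validate the descriptor it will use. The temp directory, file names and the swap that stands in for the race window are all constructed for the demo.

```c
/* Added illustration of the TOCTOU class, not Zoom's code.
 * Build: cc -std=c11 toctou.c -o toctou */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct swap_ctx { const char *path; const char *target; };

/* Stands in for whatever alters the filesystem between check and use
 * (constructed for the demo): the checked path becomes a symlink. */
static void swap_in_symlink(void *arg) {
    struct swap_ctx *c = arg;
    unlink(c->path);
    symlink(c->target, c->path);
}

/* Check-then-use: lstat checks the *path*, open then resolves the *path*
 * a second time. `between` models the window in which the path can change. */
int open_check_then_use(const char *path, void (*between)(void *), void *arg) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                 /* check: only a regular file is acceptable */
    if (between) between(arg);     /* race window */
    return open(path, O_RDONLY);   /* use: follows whatever the path is now */
}

/* Open-then-check: open refuses symlinks outright, and fstat inspects the
 * descriptor that will be used, so check and use refer to one inode. */
int open_then_check(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: input.txt is a regular file, other.txt holds data the
 * caller should never see. Returns 1 when the check-then-use routine ends up
 * reading other.txt while the open-then-check routine refuses the swapped
 * path; -1 on setup failure; 0 otherwise. */
int demo_toctou(void) {
    char dir[] = "/tmp/toctou_XXXXXX";
    if (!mkdtemp(dir)) return -1;
    char path[64], target[64];
    snprintf(path, sizeof path, "%s/input.txt", dir);
    snprintf(target, sizeof target, "%s/other.txt", dir);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("expected\n", f); fclose(f);
    f = fopen(target, "w");
    if (!f) return -1;
    fputs("other\n", f); fclose(f);

    struct swap_ctx ctx = { path, target };
    char buf[16] = {0};
    int leaked = 0;
    int fd = open_check_then_use(path, swap_in_symlink, &ctx);
    if (fd >= 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        leaked = n > 0 && strncmp(buf, "other", 5) == 0;
        close(fd);
    }
    int safe_fd = open_then_check(path);   /* path is a symlink now */
    if (safe_fd >= 0) close(safe_fd);

    unlink(path); unlink(target); rmdir(dir);
    return leaked && safe_fd < 0;
}

int main(void) {
    printf("check-then-use leaked and open-then-check refused: %d\n", demo_toctou());
    return 0;
}
```

The point to take from the pair is that the fix is not a faster check but a check on the same object the code then uses (the open descriptor), which removes the window rather than shrinking it.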
The rest of the vulnerabilities carry medium severity ratings. Here's a quick breakdown:
Improper Neutralization of Special Elements
- Affects: All Workplace Apps
- CVEs: CVE-2025-46786, CVE-2025-46787, CVE-2025-30664
- Issue: These bugs involve the mishandling of user input, which could allow scripts or commands to be executed in unexpected ways.
Buffer Over-read
- Affects: Windows versions
- CVE: CVE-2025-46785
- Issue: This bug could lead to the application reading more data than it should, risking exposure of sensitive information.
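The over-read described in the last item, as an added illustration of the bug class (not Zoom's code, and no statement about how CVE-2025-46785 works): a parser for a constructed length-prefixed message that trusts the declared length, beside one that bounds it by the bytes actually received. The message and the neighbouring "secret" bytes are laid out in one array so the over-read stays within defined memory for the demo.

```c
/* Added illustration of the buffer over-read class, not Zoom's code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format: one byte of declared payload length, then payload. */

/* Trusts the declared length: when it exceeds the bytes actually received,
 * memcpy reads past the end of the message into neighbouring memory. */
size_t parse_trusting(const uint8_t *msg, size_t msg_len,
                      uint8_t *out, size_t out_len) {
    if (msg_len < 1) return 0;
    size_t declared = msg[0];
    if (declared > out_len) return 0;      /* protects `out`, not `msg` */
    memcpy(out, msg + 1, declared);        /* over-read if declared > msg_len - 1 */
    return declared;
}

/* Bounds the declared length by the bytes actually present. */
size_t parse_checked(const uint8_t *msg, size_t msg_len,
                     uint8_t *out, size_t out_len) {
    if (msg_len < 1) return 0;
    size_t declared = msg[0];
    if (declared > msg_len - 1 || declared > out_len) return 0;
    memcpy(out, msg + 1, declared);
    return declared;
}

/* Constructed memory layout: a 4-byte message (length byte 8, payload "abc")
 * followed in the same array by unrelated bytes standing in for secrets.
 * Returns 1 when the trusting parser copies those neighbouring bytes into
 * `out` and the checked parser rejects the message. */
int demo_over_read(void) {
    uint8_t mem[] = { 8, 'a', 'b', 'c', 'S', 'E', 'C', 'R', 'E', 'T' };
    const uint8_t *msg = mem;
    size_t msg_len = 4;                    /* only 4 bytes were "received" */
    uint8_t out[16] = {0};

    size_t n = parse_trusting(msg, msg_len, out, sizeof out);
    int leaked = n == 8 && memcmp(out + 3, "SECRE", 5) == 0;

    memset(out, 0, sizeof out);
    size_t m = parse_checked(msg, msg_len, out, sizeof out);
    return leaked && m == 0;
}

int main(void) {
    printf("trusting parser leaked and checked parser refused: %d\n", demo_over_read());
    return 0;
}
```

The checked version shows the rule that matters for this class: a length that arrives inside the data is untrusted input, and every copy must be bounded by what was actually received, not by what the message claims.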
NULL Pointer Dereference
All seven bulletins were published today on Zoom's official security bulletin page, with updates issued at the same time.
In a comment to Hackread.com, Jim Routh, Chief Trust Officer at Saviynt, said, "Cyber professionals are considering the need for deepfake detection and prevention impacting digital meetings today. It appears that the software defects/vulnerabilities announced recently in Zoom Workplace are even more significant at present."
"DoS and remote code execution vulnerabilities have the potential for significant business disruption with the potential for ransomware exploits," he added. "Software resilience for enterprise software companies is achievable with more maturity in the development process to identify and remediate race conditions."
Patch NOW
Zoom is widely used across industries, and bugs like these, combined with others, can be a major security risk. While the technical details may not apply to everyday users, IT teams should treat this as a routine security maintenance window. Applying the patches quickly reduces the chance of these issues being exploited.
Therefore, if you use Zoom Workplace Apps, update now. The patches are live and available for download. Admins managing enterprise deployments should review their update pipelines to make sure these fixes are rolled out across all user endpoints.