Zoom Fixes High-Risk Flaw in Latest Update

Zoom fixes multiple security bugs in Workplace Apps, including a high-risk flaw. Users are urged to update to the latest version released on May 13, 2025.
Zoom pushed out a batch of security fixes today, addressing multiple vulnerabilities across its Workplace Apps. One of them has been marked high severity, while the others are rated medium. The updates affect both general app versions and Windows-specific builds.
For anyone using Zoom in business or education settings, especially on Windows systems, these updates are worth attention.
The most significant of the bunch is a time-of-check to time-of-use (TOCTOU) issue listed under CVE-2025-30663. This type of bug occurs when there’s a delay between a system checking if an action is safe and performing it. During that short window, attackers might interfere. This bug affects Zoom Workplace Apps broadly and was rated high severity.
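The check-then-use gap described above, as an added example; this is not Zoom's code, and the details of CVE-2025-30663 are not given on this page. It assumes a POSIX system, and the function names, file names and the `window` hook that stands in for the delay are hypothetical.

```python
import os
import stat
import tempfile

def read_check_then_use(path, window=lambda: None):
    """Racy: the check and the open each resolve `path` on their own."""
    if os.path.islink(path) or not os.path.isfile(path):  # time of check
        raise PermissionError("not a regular file")
    window()  # stands in for the delay between check and use
    with open(path, "rb") as f:                           # time of use
        return f.read()

def read_open_then_check(path, window=lambda: None):
    """Hardened: bind to one file object first, then validate that object."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # fails if path is a symlink
    try:
        window()  # changes to the name no longer affect the open descriptor
        if not stat.S_ISREG(os.fstat(fd).st_mode):   # check the descriptor, not the name
            raise PermissionError("not a regular file")
        with os.fdopen(fd, "rb", closefd=False) as f:
            return f.read()
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: the name is re-pointed inside the window."""
    results = {}
    for name, reader in (("racy", read_check_then_use),
                         ("hardened", read_open_then_check)):
        with tempfile.TemporaryDirectory() as d:
            allowed = os.path.join(d, "allowed.txt")
            other = os.path.join(d, "other.txt")
            for p, data in ((allowed, b"allowed"), (other, b"other")):
                with open(p, "wb") as f:
                    f.write(data)
            def repoint():
                os.remove(allowed)
                os.symlink(other, allowed)
            results[name] = reader(allowed, repoint)
    return results

if __name__ == "__main__":
    print(demo())  # racy read follows the re-pointed name; hardened read does not
```

The racy version validates a name and then opens the name again, so its check says nothing about the file it finally reads; the hardened version validates the descriptor it already holds.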
The rest of the vulnerabilities carry medium severity ratings. Here’s a quick breakdown:
- Affects: All Workplace Apps
- CVEs: CVE-2025-46786, CVE-2025-46787, CVE-2025-30664
- Issue: These bugs involve the mishandling of user inputs, which could allow scripts or commands to be executed in unexpected ways.
- Affects: Windows versions
- CVE: CVE-2025-46785
- Issue: This bug could lead to the application reading more data than it should, risking exposure of sensitive information.
All seven bulletins were published today on Zoom’s official security bulletin page, with updates issued at the same time.
In a comment to Hackread.com, Jim Routh, Chief Trust Officer at Saviynt, stated, “Cyber professionals are considering the need for deepfake detection and prevention impacting virtual meetings today. It turns out that the software defects/vulnerabilities announced recently in Zoom Workplace are far more critical at this time.”
“DoS and remote code execution vulnerabilities have the potential for significant business disruption with the potential for ransomware exploits,” he added. “Software resilience for enterprise software companies is achievable with more maturity in the development process to identify and remediate race conditions.”
Zoom is widely used across industries, and bugs like these, mixed with others, can be a massive security risk. While the technical details may not apply to everyday users, IT teams should treat this as a routine security maintenance window. Applying the patches quickly reduces the chance of these issues being exploited.
Therefore, if you use Zoom Workplace Apps, update now. The patches are live and available for download. Admins managing enterprise deployments should review their update pipelines to make sure these fixes are rolled out across all user endpoints.
HackRead