The Indian Computer Emergency Response Team (CERT-In) has published an important alert for all Zoom users. It has identified multiple security flaws in specific versions of the popular video conferencing platform across Windows, macOS, iOS, and Android devices. These vulnerabilities are serious, potentially allowing hackers to sneak into Zoom Rooms without permission, run harmful commands, force users out of meetings, expose private information, and even access system configuration data. Thankfully, Zoom has already released an update to fix these problems, and everyone is strongly advised to install the latest version immediately.
Critical Security Vulnerabilities Identified in Zoom
In its recent advisory, CIVN-2025-0261, CERT-In detailed several medium-severity vulnerabilities impacting Zoom versions 6.5.1 on Windows, macOS, Android, and iOS. These flaws are concerning because they could allow malicious individuals to infiltrate your meetings, access sensitive configuration files, and even run unauthorized commands or scripts on your device. This isn’t just a risk for individuals; businesses and organizations relying on Zoom for critical communications are also exposed, potentially compromising the integrity and privacy of their ongoing and future discussions.
The good news is that Zoom acted swiftly. An update released on October 14 includes patches for these issues. CERT-In urges all users running the affected versions to upgrade to the latest Zoom application on their devices without delay. This proactive step is crucial to defending against potential cyberattacks that could lead to the theft of personal data or vital organizational trade secrets.
Specifically, Zoom reported an authentication bypass vulnerability that allowed unauthorized users to extract information by exploiting network access. Furthermore, a command injection vulnerability was found in Zoom Clients for Windows, which could enable authenticated users to disclose information after gaining network access.
CERT-In pointed out that these security weaknesses stem from poor input sanitization and insufficient session validation. Essentially, affected Zoom versions weren’t properly verifying the identity of individuals entering Zoom Rooms. Additionally, the platform failed to adequately filter and transform user-provided input data before processing it, creating openings for exploitation.