Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks

Two vulnerabilities have recently been discovered in specific Zoom Clients for Windows that could enable attackers to launch Denial of Service (DoS) attacks. The flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. They impact multiple Zoom products for Windows, with slight variations in affected versions between the two CVEs.

Both vulnerabilities stem from a classic buffer overflow issue in the affected Zoom products. The flaw could enable an authorized user with network access to exploit the system, causing a DoS condition that disrupts service availability. The CVSS vector string for both issues, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicates a high impact on availability, though confidentiality and integrity remain unaffected. The attack requires low privileges and no user interaction, and the potential for disruption is significant for organizations relying on Zoom for communication.

Zoom has acknowledged these vulnerabilities and released updates to address them. Ensuring that software is up to date is a critical step in safeguarding against potential exploits that could interrupt business operations or personal communications. For Zoom users, particularly those managing large teams or sensitive operations, staying vigilant about software updates is essential.

These vulnerabilities highlight the ongoing challenges in securing widely used communication tools, especially as remote work and virtual meetings remain integral to many organizations. Buffer overflow issues, while classic, continue to pose risks when not addressed promptly.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Jul 2025 17:35:12 +0000


Cyber News related to Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks

Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
1 year ago Packetstormsecurity.com Rocke Hunters
CVE-2021-34423 - A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for ...
3 years ago
CVE-2021-34424 - A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune ...
3 years ago
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
1 year ago Go.theregister.com CVE-2024-24691 CVE-2024-24690 CVE-2024-24695 CVE-2024-24696 CVE-2024-24697 CVE-2024-24698 CVE-2024-24699
Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry - The disruption, which began at 11:25 AM PDT and was resolved by 1:12 PM PDT, was traced not to a cyberattack or internal technical failure, but to a server block imposed by GoDaddy Registry the manager of the .us top-level domain after a ...
2 months ago Cybersecuritynews.com
Zoom Launches AI Companion, Available at No Additional Cost - Zoom has pledged to provide artificial intelligence functions on its video-conferencing platform at no additional cost to paid clients. The tech firm believes that including these extra features as part of its paid platform service will provide a ...
1 year ago Cysecurity.news
Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script - The vulnerabilities, detailed in Zoom Security Bulletin ZSB-25013, affect a wide range of Zoom Workplace applications, including desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android. Multiple null pointer dereference ...
3 months ago Cybersecuritynews.com CVE-2025-30670
Weekly Vulnerability Recap 2/19/2024: News from Microsoft, Zoom, SolarWinds - While this week was a little light on vulnerability news, it's still been significant, with Microsoft's Patch Tuesday happening as well as updates for major products, like Zoom. Akira ransomware vulnerabilities have also surfaced in older Cisco ...
1 year ago Esecurityplanet.com CVE-2024-21412 CVE-2020-3259 Akira
Hackers abuse Zoom remote control feature for crypto-theft attacks - A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. "For organizations handling particularly ...
2 months ago Bleepingcomputer.com
CVE-2023-22880 - Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 ...
2 years ago
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Zoom Team Chat Decrypted to Uncover User Activities - As remote work continues to be standard practice, understanding the security architecture of communication platforms like Zoom becomes increasingly crucial for maintaining organizational data protection. Zoom Team Chat employs a sophisticated ...
3 months ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Marketing Strategies for PaaS Services: Get Ahead of the Curve - With the ever-growing demand for cloud-based performance and services, Platform-as-a-Service (PaaS) is becoming increasingly critical for modern software development. PaaS is a cloud-based platform, providing businesses with an integrated suite of ...
2 years ago Hackread.com
Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
1 year ago Enisa.europa.eu
Multiple Zoom Client Vulnerabilities Exposes Sensitive data - These vulnerabilities affect Zoom’s desktop, mobile, and Workplace applications, enabling authenticated attackers to execute arbitrary code, corrupt memory, or bypass security protocols via network access. Recent security disclosures reveal ...
4 months ago Cybersecuritynews.com
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com
CVE-2022-28762 - Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain ...
2 years ago
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings. According to researchers with ...
2 years ago Packetstormsecurity.com Lazarus Group
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com
CVE-2022-22782 - The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to ...
1 year ago
CVE-2022-22785 - The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting ...
3 years ago
CVE-2023-34120 - Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially ...
2 years ago
