Executive Summary
- The Indian Computer Emergency Response Team (CERT-In) has issued a ‘high-risk’ alert for multiple critical vulnerabilities found in Zoom applications.
- The flaws affect Zoom clients on Windows, macOS, Android, and iOS, potentially allowing unauthorized data access and malicious code execution.
- Affected products include Zoom Workplace clients and VDI clients released before version 6.5.10.
- Both CERT-In and Zoom strongly urge users to update their software to the latest patched version immediately to protect against potential exploits.
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk security alert for users of the Zoom video conferencing application across Windows, macOS, Android, and iOS platforms. The agency warned on November 14, 2025, of multiple critical vulnerabilities that could allow attackers to bypass security measures, access sensitive data, and execute malicious code on affected devices.
Vulnerability Details and Potential Impact
According to the CERT-In advisory, the security flaws involve improper verification of cryptographic signatures, faulty certificate validation, and inadequate authorization controls. These vulnerabilities affect Zoom Workplace clients and plugins prior to version 6.5.10. If exploited, these weaknesses could permit attackers to escalate system privileges, conduct cross-site scripting attacks, or steal confidential information, posing a significant threat to both individual and enterprise users who rely on the platform for daily communications.
Official Response and Recommendations
Zoom has acknowledged the vulnerabilities in its November 2025 security bulletins and has released patches to address the high-severity issues. Both CERT-In and Zoom are strongly urging all users to update their applications to the latest version immediately to mitigate the risks. While there have been no public reports of these vulnerabilities being actively exploited, security experts emphasize the need for prompt action. Users are also advised to exercise caution with unexpected meeting links, use strong passwords, and enable two-factor authentication where available.
Maintaining Digital Security
This alert underscores the ongoing need for vigilance in digital communications. Experts recommend that organizations ensure their IT departments deploy security patches in a timely manner and educate employees on proper cyber hygiene. Regular software updates and user awareness remain critical defenses against emerging cyber threats in an increasingly connected environment.