The Indian Computer Emergency Response Team (CERT-In) issued an alert on November 14, 2025, highlighting multiple critical vulnerabilities in Zoom applications used across Windows, macOS, Android, and iOS platforms, reports News18.
These security flaws allow hackers to bypass Zoom’s security layers, potentially enabling unauthorised data access and execution of malicious code. CERT-In strongly urges users to update Zoom apps immediately to the latest versions. Zoom has released patches addressing these issues, reinforcing the need for prompt updates to maintain security.
Overview of Zoom Vulnerabilities
CERT-In’s advisory points to vulnerabilities involving improper cryptographic signature verification, faulty certificate validation, external control of file names, and inadequate authorisation handling in various Zoom Workplace clients and plugins.
The affected products include Zoom Workplace for macOS, Windows, Android, and their respective VDI clients before version 6.5.10.
Hackers exploiting these loopholes could escalate privileges, conduct cross-site scripting attacks, or steal sensitive information, compromising both personal users and enterprises relying on Zoom for communication, including remote work and online education.
Official Responses and Latest Updates
Zoom acknowledged these high-severity issues in a series of security bulletins, releasing patches across platforms in November 2025. The company and CERT-In jointly stress the importance of updating Zoom software to the latest versions, specifying that older versions remain exploitable.
Security experts from firms like Mandiant helped identify and remediate these flaws. Although there are no public reports of active exploitation yet, the vulnerabilities present a significant risk. CERT-In continues to monitor and collaborate with Zoom for swift fixes. Users have been advised to be cautious with unexpected meeting links and to apply updates without delay.
Staying Safe in a Digital World
Given the persistent emergence of security flaws in essential communication tools, users should prioritise keeping software up to date to protect against exploitation.
Beyond updates, experts recommend adopting strong passwords, enabling two-factor authentication where possible, and avoiding clicking on suspicious links or meeting invitations.
Organisations must ensure IT teams deploy patches promptly and educate employees about cyber hygiene. Regular security audits and vigilance remain key defences in safeguarding personal and business data during increasingly digital interactions.
The Logical Indian’s Perspective
In a world where virtual connections have become indispensable, this alert is a wake-up call on the delicate balance between convenience and security.
While technology transforms communication, it also exposes us to new threats that require constant vigilance and responsibility from both developers and users. Fostering a culture of cybersecurity consciousness alongside technological adoption ensures safer digital public spaces for all.
News in Q&A
1. What vulnerabilities have been found in Zoom applications?
Multiple security flaws have been found involving improper verification of cryptographic signatures, faulty certificate validations, external control over file names, and poor authorisation handling. Exploiting these could allow attackers to access sensitive data, execute malicious code, or escalate system privileges.
2. Who is at risk from these Zoom vulnerabilities?
Anyone using affected Zoom versions is at risk, especially business users relying on Zoom Workplace clients on Windows, macOS, Android, and iOS platforms. The vulnerabilities particularly affect clients before version 6.5.10 on these systems.
3. When and how should users respond?
Users must update their Zoom applications immediately to the latest available versions released in November 2025, which include patches addressing the vulnerabilities. CERT-In emphasises this step as crucial to mitigate risk.
4. What is Zoom’s and CERT-In’s official stance on this?
Zoom has acknowledged these vulnerabilities in its November security bulletins and urged users to update. CERT-In continues monitoring and collaborating with Zoom for prompt remediation and keeps the public informed through advisories.
5. Why do these vulnerabilities matter?
Given Zoom’s widespread use for work, education, and social interaction, these vulnerabilities pose a major risk of data breaches, unauthorised system access, and cyberattacks, impacting millions globally.

