
CERT-In Flags Zoom Flaws That Could Expose Meetings & Sensitive Data

18 Oct 2025

News Synopsis

The Indian Computer Emergency Response Team (CERT-In) has issued a vulnerability note alerting users of Zoom that multiple security flaws exist in certain versions of the video-conferencing application.

These vulnerabilities, affecting platforms including Windows, macOS, iOS and Android, allow attackers to gain unauthorised access to Zoom Rooms, execute malicious commands remotely, exit meetings, access configuration data and reveal information not meant to be shared. 

Details of the Flaws & Impact

Versions Affected & Severity Level

In its vulnerability advisory CIVN-2025-0261, CERT-In warns that the affected versions are Zoom Rooms for Windows, macOS, Android and iOS prior to version 6.5.1. These flaws carry a “medium” severity rating. 

How the Exploits Work

CERT-In notes that the vulnerabilities arise from improper input sanitisation and inadequate session validation. Specifically:

  • The software may fail to validate the user ID of a person joining a Zoom Room. 

  • Attackers could exploit the flaws to execute arbitrary commands, disclose sensitive data or gain access to meetings and configurations.

According to Zoom, one flaw allowed unauthenticated users to disclose information via network access (“authentication bypass”), while another allowed authenticated users on the Windows client (“command injection”) to disclose information after network access.

Who Is at Risk & What You Should Do

Both Individuals and Organisations Are Vulnerable

CERT-In highlights that both individuals and organisations using the affected Zoom versions are at risk: the vulnerabilities compromise ongoing and future meetings, potentially exposing personal or organisational secrets. 

Patch Released — Update Immediately

Zoom issued updates on October 14 to address these flaws. Users still on the affected builds are strongly urged to install the latest version to protect themselves from cyberattacks that might expose personal data or sensitive business information such as trade secrets.

Broader Implications & Lessons Learned

Meeting Security in the Spotlight

This incident underscores how even widely used collaboration tools like Zoom can harbour dangerous flaws — especially when they are allowed to persist in enterprise environments or consumer setups without updates.

Importance of Timely Patching and Version Tracking

The affected versions pre-date the vulnerability fix — staying on older software builds can enable threat actors to exploit known vulnerabilities. Organisations should track patch lifecycles and apply updates proactively.
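
As an added example (not part of the CERT-In advisory or of Zoom's own tooling), the version tracking recommended above can be run as a check over an asset inventory that flags Zoom Rooms entries older than the 6.5.1 threshold named in the advisory. The CSV layout, hostnames, the second product name and the version-string formats are assumptions constructed for illustration.

```python
import csv
import io
import re

# Threshold taken from the advisory text: Zoom Rooms builds before 6.5.1 are affected.
FIXED = (6, 5, 1)
AFFECTED_PLATFORMS = {"windows", "macos", "android", "ios"}

# Constructed sample inventory (hostnames, products and version strings are made up).
SAMPLE_INVENTORY = """host,platform,product,version
room-blr-01,Windows,Zoom Rooms,6.4.5 (4567)
room-blr-02,macOS,Zoom Rooms,6.5.1 (5012)
room-del-03,Android,Zoom Rooms,6.10.0
room-del-04,iOS,Zoom Rooms,6.5
room-mum-05,Windows,Zoom Rooms,unknown
room-mum-06,Windows,Other Conferencing App,6.2.0
"""

def parse_version(text):
    """Return the leading dotted numeric version as a 3-tuple, or None if unparseable."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    # Pad short versions ("6.5" -> (6, 5, 0)) so tuples compare numerically,
    # which keeps 6.10.0 above 6.5.1 (a plain string comparison would not).
    return tuple(parts + [0] * (3 - len(parts)))

def classify(row):
    """Classify one inventory row as out-of-scope, unknown, affected or patched."""
    if row["product"].strip().lower() != "zoom rooms":
        return "out-of-scope"
    if row["platform"].strip().lower() not in AFFECTED_PLATFORMS:
        return "out-of-scope"
    version = parse_version(row["version"])
    if version is None:
        return "unknown"  # no usable version recorded: needs manual follow-up
    return "affected" if version < FIXED else "patched"

def audit(inventory_csv):
    """Map each host in the CSV inventory to its classification."""
    return {r["host"]: classify(r) for r in csv.DictReader(io.StringIO(inventory_csv))}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have no parseable version on record and should be checked by hand, not assumed patched.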

Conclusion

The CERT-In advisory on Zoom versions prior to 6.5.1 is a timely reminder of the risks lurking in everyday digital tools. With hackers potentially able to gain unauthorised access to meetings, configuration data or execute commands remotely, both individual users and organisations must act quickly to patch and secure their systems.

Updating Zoom immediately is the first step, but long-term defence also demands disciplined version control, user education, meeting-security best practices and rigorous input validation checks. In an era where virtual collaboration is central, neglecting such vulnerabilities can carry far-reaching consequences.
