The Indian Computer Emergency Response Team (CERT-In) has issued two separate high-severity advisories warning users of critical vulnerabilities in widely used applications - Zoom and Microsoft Edge (Chromium-based).
The security agency has urged organisations and individuals to apply immediate updates to prevent potential exploitation.
According to the advisory issued on September 10, 2025, multiple vulnerabilities have been detected across several Zoom products, including Workplace Desktop for Windows (versions before 6.5.0), VDI Clients, Rooms Controller, Rooms Client, Meeting SDK, and the Workplace for Windows on ARM. Zoom’s VDI Plugin for macOS Universal installer for VMware Horizon before version 6.4.10 (or earlier releases in respective tracks) is also affected.
CERT-In noted that these flaws stem from race conditions, improper enforcement of actions, incorrect authorization checks, boundary errors, argument injection, insufficient sanitization of user data, and missing authorization mechanisms. Exploiting these vulnerabilities could enable remote attackers to launch denial-of-service (DoS) attacks, bypass security protocols, inject malicious code, or gain unauthorized access to sensitive information, posing a “high risk of data manipulation and application compromise.”
In a parallel advisory, CERT-In flagged vulnerabilities in Microsoft Edge (Chromium-based) versions prior to 140.0.3485.54. These issues arise from use-after-free errors in the V8 JavaScript engine, as well as improper implementations in the browser’s toolbar, extensions, and downloads. If successfully exploited, attackers could bypass security restrictions and execute arbitrary code on the target system.
Microsoft Edge, developed using the Chromium engine, is among the most widely used browsers globally, integrating tightly with Microsoft services. The reported flaws, therefore, significantly raise the risk of system compromise and unauthorized access for both enterprise and individual users.
CERT-In has advised users of both Zoom and Microsoft Edge to update their software to the latest versions immediately. Timely patching, it stressed, remains the most effective safeguard against potential exploitation of these vulnerabilities.