I am reporting that Microsoft Defender for Endpoint is currently flagging the bundled OpenSSL libraries in the Zoom binary folder as critical vulnerabilities.
Associated CVEs According to the security portal, these files are being flagged for the following vulnerabilities:
CVE-2025-9230
CVE-2025-9231
CVE-2025-9232
Is the Zoom engineering team aware that these specific CVEs are triggering alerts for version 3.4.2.0? We need to know if there is an upcoming action or patch to address these vulnerability flags, as they are impacting our enterprise security compliance.
I can confirm that we are facing the same issue and impact to compliance.
The fixed version of OpenSSL, 3.4.3 was released September 30, 2025. Can we please get this updated?
I can also confirm this issue in Microsoft Defender, which is also affecting the compliance of my organisation. Can the Zoom devs kindly confirm that they are aware of this and will release a fix for it soon? Thanks!
I can confirm this issue is also affecting our vulnerability/exposure score and has been doing so for many months now. I would love to see this issue addressed, for the vulnerability tied to it is 6.1 (CVE-2025-11187)
Hi @gianni.zoom@elisa.zoom can one of you please take ownership of this topic and ask your developers to fix it? It’s frustrating that this is a serious security vulnerability in your software, which numerous people have taken the time to report to you over the past several months, and so far there has been no response from Zoom staff.