OpenSSL DLLs (3.4.2.0) triggering Defender alerts for CVE-2025-9230, 9231, 9232

kadirsu76 · January 22, 2026, 7:49am

I am reporting that Microsoft Defender for Endpoint is currently flagging the bundled OpenSSL libraries in the Zoom binary folder as critical vulnerabilities.

The specific files affected are:

C:\Program Files\zoom\bin\libcrypto-3-zm.dll (Version 3.4.2.0)
C:\Program Files\zoom\bin\libssl-3-zm.dll (Version 3.4.2.0)

Associated CVEs According to the security portal, these files are being flagged for the following vulnerabilities:

CVE-2025-9230
CVE-2025-9231
CVE-2025-9232

Is the Zoom engineering team aware that these specific CVEs are triggering alerts for version 3.4.2.0? We need to know if there is an upcoming action or patch to address these vulnerability flags, as they are impacting our enterprise security compliance.

RickC · January 22, 2026, 4:31pm

I can confirm that we are facing the same issue and impact to compliance.
The fixed version of OpenSSL, 3.4.3 was released September 30, 2025. Can we please get this updated?

Topic		Replies	Views
Bundled OpenSSL DLLs (3.4.2.0) triggering Defender alerts for CVE-2025-9230, 9231, 9232 Meeting SDK securityreview	0	10	January 20, 2026
Zoom 5.6.10 Vulnerabilities with OpenSSL .dll need version 3.1.5 Windows	85	12191	October 9, 2024
Zoom Workplace 6.4.6.64360 has issue with libssl-3-zm, libcryto-3-zm Zoom Apps	3	204	May 27, 2025
Zoom 5.17.1 Vulnerabilities with OpenSSL .dll Windows	2	2368	January 4, 2024
Can we get the .lib for libssl-1_1.DLL and libcrypto-1_1.DLL Windows	2	3904	August 21, 2020

OpenSSL DLLs (3.4.2.0) triggering Defender alerts for CVE-2025-9230, 9231, 9232

Related topics