OpenSSL DLLs (3.4.2.0) triggering Defender alerts for CVE-2025-9230, 9231, 9232

I am reporting that Microsoft Defender for Endpoint is currently flagging the bundled OpenSSL libraries in the Zoom binary folder as critical vulnerabilities.

The specific files affected are:

  • C:\Program Files\zoom\bin\libcrypto-3-zm.dll (Version 3.4.2.0)

  • C:\Program Files\zoom\bin\libssl-3-zm.dll (Version 3.4.2.0)

Associated CVEs

According to the security portal, these files are being flagged for the following vulnerabilities:

  • CVE-2025-9230

  • CVE-2025-9231

  • CVE-2025-9232

Is the Zoom engineering team aware that these specific CVEs are triggering alerts for version 3.4.2.0? We need to know if there is an upcoming action or patch to address these vulnerability flags, as they are impacting our enterprise security compliance.

2 Likes

I can confirm that we are facing the same issue and impact to compliance.
The fixed version of OpenSSL, 3.4.3, was released September 30, 2025. Can we please get this updated?

2 Likes

I can also confirm this issue in Microsoft Defender, which is also affecting the compliance of my organisation. Can the Zoom devs kindly confirm that they are aware of this and will release a fix for it soon? Thanks!

Might as well move up to 3.4.4 to avoid CVE-2025-11187 (CVSSv3 6.1).

I can confirm this issue is also affecting our vulnerability/exposure score and has been doing so for many months now. I would love to see this issue addressed, for the vulnerability tied to it is 6.1 (CVE-2025-11187).