CVE-2025-47553

zoom · zoom Multiple Products

A high-severity vulnerability has been discovered in a component used by multiple Zoom products, identified as CVE-2025-47553.

Executive summary

A high-severity vulnerability has been discovered in a component used by multiple Zoom products, identified as CVE-2025-47553. This flaw allows an unauthenticated, remote attacker to send specially crafted data to the application, which could result in arbitrary code execution and a complete compromise of the affected system. Given the severity of the flaw and its CVSS score of 8.8, immediate remediation is strongly recommended to prevent potential data breaches and system takeovers.

Vulnerability

This vulnerability is classified as Deserialization of Untrusted Data. The affected component, DZS Video Gallery, does not properly validate the data it receives before deserializing it. An attacker can exploit this by crafting a malicious serialized object and sending it to the application. When the application processes this data, it deserializes it back into an object in memory. This "Object Injection" executes arbitrary code with the permissions of the Zoom application service.

Business impact

This is a High severity vulnerability with a CVSS score of 8.8. Successful exploitation could have a severe impact on the organization, leading to a full system compromise. The primary risks include the exfiltration of sensitive data processed by the Zoom application, disruption of service, and the ability for an attacker to use the compromised system as a pivot point to move laterally within the corporate network. This could result in significant financial loss, reputational damage, and regulatory penalties depending on the data compromised.

Remediation

Immediate Action:

  • Identify all systems running the affected Zoom products.
  • Apply the security updates provided by the vendor immediately, prioritizing internet-facing systems.
  • After patching, monitor application and system logs for any signs of post-remediation exploitation attempts or indicators of a prior compromise.

Proactive Monitoring:

  • Log Analysis: Review application and web server logs for unusual or malformed requests directed at the DZS Video Gallery component. Look for deserialization error messages or unexpected process executions spawned by the Zoom service.
  • Network Monitoring: Monitor network traffic for anomalous outbound connections from servers running the affected software, which could indicate a command-and-control (C2) channel.
  • Endpoint Detection and Response (EDR): Ensure EDR solutions are monitoring for suspicious process chains or command-line arguments originating from the Zoom application process.

Compensating Controls:

  • Web Application Firewall (WAF): If immediate patching is not feasible, implement strict WAF rules to inspect and block known malicious serialized object patterns.
  • Network Segmentation: Isolate servers running the vulnerable software from other critical network segments to limit an attacker's ability to move laterally.
  • Principle of Least Privilege: Ensure the service account running the Zoom application has the minimum permissions necessary for its operation.
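
The Log Analysis and WAF items above both depend on recognizing a serialized object inside request data. The following is an added example, not code from the vendor or from this advisory: it scans Combined Log Format access-log lines for PHP `serialize()` object markers in query parameters, including URL-encoded and base64-wrapped forms. It assumes the component consumes PHP's native serialization format; the `/gallery/` path, parameter names and log lines are constructed sample data.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# PHP serialize() writes an object as O:<name length>:"<class>":<property count>:{
# (C: for Serializable classes). Assumption: the component uses this format.
PHP_OBJECT = re.compile(r'\b[OC]:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{')
# Combined Log Format: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def candidate_forms(value):
    """Yield the value as-is and URL-decoded again, each also base64-decoded."""
    for text in (value, unquote(value)):
        yield text
        try:
            padded = text + "=" * (-len(text) % 4)
            yield base64.b64decode(padded, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            pass  # not base64; nothing further to check

def find_serialized_objects(log_lines):
    """Return (ip, timestamp, parameter, status) for requests carrying a PHP object."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        # parse_qsl performs the first round of URL decoding.
        for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
            if any(PHP_OBJECT.search(form) for form in candidate_forms(value)):
                hits.append((m["ip"], m["ts"], name, int(m["status"])))
                break
    return hits

# Constructed sample data: an inert empty object and a hypothetical /gallery/ path.
_OBJ = 'O:8:"stdClass":0:{}'
_B64 = base64.b64encode(_OBJ.encode()).decode()
SAMPLE_LOG = [
    '203.0.113.10 - - [12/May/2025:10:00:01 +0000] "GET /gallery/?id=42 HTTP/1.1" 200 512',
    f'198.51.100.7 - - [12/May/2025:10:00:05 +0000] "GET /gallery/?opts={quote(_OBJ, safe="")} HTTP/1.1" 500 0',
    f'198.51.100.7 - - [12/May/2025:10:00:09 +0000] "GET /gallery/?cfg={quote(quote(_B64, safe=""), safe="")} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in find_serialized_objects(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, so payloads sent in POST bodies or cookies need the same pattern applied at the WAF or in request-body logging.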

Exploitation status

Public Exploit Available: false

Analyst recommendation

The high severity of this vulnerability warrants immediate and decisive action. Organizations are strongly advised to prioritize the deployment of vendor-supplied patches across all affected assets. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for enabling remote code execution makes it an attractive target for attackers. Proactive patching is the most effective defense and is critical to mitigating the risk of a significant security breach.