Zoom
Company Details
Linkedin ID:
zoom
Website:
Employees number:
12,708
Number of followers:
643,210
NAICS:
5415
Industry Type:
Homepage:
zoom.com
IP Addresses:
0
Company ID:
ZOO_2866788
Scan Status:
In-progress
Zoom Company CyberSecurity Posture
zoom.com
Bring teams together, reimagine workspaces, engage new audiences, and delight your customers –– all on the Zoom AI-first work platform you know and love. 💙 Zoomies help people stay connected so they can get more done together. We set out on a mission to make video communications frictionless and secure by building the world’s best video product for the enterprise, but we didn’t stop there. With products like AI Companion, Team Chat, Contact Center, Phone, Events, Rooms, Webinar, Contact Center and more, we bring innovation to a wide variety of customers, from the conference room to the classroom, from doctor’s offices to financial institutions to government agencies, from global brands to small businesses. We do what we do because of our core value of Care: care for our community, our customers, our company, our teammates, and ourselves. Our global employees help our customers meet happier, communicate better, and create meaningful connections the world over. Zoomies are problem-solvers and self-starters, working hard to get results and moving quickly to design solutions with our customers and users in mind. Here, you'll find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Learn more about careers at Zoom by visiting our careers site: https://careers.zoom.us/home
Zoom A.I CyberSecurity Scoring
Zoom Risk Score (AI oriented)Between 750 and 799
Zoom
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Zoom Global Score (TPRM)XXXX
Zoom
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Zoom Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Zoom
Vulnerability
Rankiteo Explanation
Attack without any consequences: Attack in which data is not compromised
Description: Recently, two vulnerabilities were discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. The vulnerabilities stem from a classic buffer overflow issue in the affected Zoom products. This flaw could enable an authorized user with network access to exploit the system, causing a DoS condition that disrupts service availability. The CVSS vector string for both issues indicates a high impact on availability, though confidentiality and integrity remain unaffected. The potential for disruption is significant for organizations relying on Zoom for communication. The vulnerabilities impact multiple Zoom products for Windows, with slight variations in affected versions between the two CVEs.
Zoom: Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
Vulnerability
Rankiteo Explanation
Attack threatening the organization's existence
Description: Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation. The flaw affects Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising enterprise communication infrastructure. Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates. The vulnerability was identified by Zoom Offensive Security, with affected organizations advised to apply fixes immediately to mitigate risks to confidentiality, integrity, and availability. Official guidance for patching is available in Zoom’s support documentation.
Zoom Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Zoom
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Zoom in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Zoom in 2026.
Incident Types Zoom vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Zoom in 2026.
Incident History — Zoom (X = Date, Y = Severity)
Zoom cyber incidents detection timeline including parent company and subsidiaries
Zoom Company Subsidiaries
Bring teams together, reimagine workspaces, engage new audiences, and delight your customers –– all on the Zoom AI-first work platform you know and love. 💙 Zoomies help people stay connected so they can get more done together. We set out on a mission to make video communications frictionless and secure by building the world’s best video product for the enterprise, but we didn’t stop there. With products like AI Companion, Team Chat, Contact Center, Phone, Events, Rooms, Webinar, Contact Center and more, we bring innovation to a wide variety of customers, from the conference room to the classroom, from doctor’s offices to financial institutions to government agencies, from global brands to small businesses. We do what we do because of our core value of Care: care for our community, our customers, our company, our teammates, and ourselves. Our global employees help our customers meet happier, communicate better, and create meaningful connections the world over. Zoomies are problem-solvers and self-starters, working hard to get results and moving quickly to design solutions with our customers and users in mind. Here, you'll find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Learn more about careers at Zoom by visiting our careers site: https://careers.zoom.us/home
Loading...
Zoom Similar Companies
Verizon
We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what bri
Sopra Steria
Sopra Steria, a major Tech player in Europe with 51,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to
Akkodis
Akkodis is a global digital engineering company and Smart Industry leader. We enable clients to advance in their digital transformation with Talent, Academy, Consulting, and Solutions services. Our 50,000 experts combine best-in-class technologies, R&D, and deep sector know-how for purposeful innova
Neobpo
Somos especializados em integrar tecnologia com inteligência humana, oferecendo soluções digitais que promovem transformação e eficiência operacional. Nosso foco é gerar valor por meio de resultados reais, utilizando inteligência digital para atender às necessidades específicas de cada cliente. Merg
LTIMindtree
LTIMindtree is a global technology consulting and digital solutions company that partners with enterprises across industries to reimagine business models, accelerate innovation, and drive AI-centric growth. Trusted by more than 700 clients worldwide, we use advanced technologies to enable operationa
SoftServe
SoftServe is a premier IT consulting and digital services provider. We expand the horizon of new technologies to solve today's complex business challenges and achieve meaningful outcomes for our clients. Our boundless curiosity drives us to explore and reimagine the art of the possible. Clients conf
NTT DATA Business Solutions
We understand the business of our clients and know what it takes to transform it into the future. At NTT DATA Business Solutions, we drive innovation – from advisory and implementation to managed services and beyond. With SAP at our core and a powerful ecosystem of partners, we continuously improve
Virtusa is a global product and platform engineering services company that makes experiences better with technology. We help organizations grow faster, more profitably, and more sustainably by reimagining enterprises through domain-driven solutions. We combine strategy, design, and engineering, back
Samsung SDS
Samsung SDS provides cloud computing and digital logistics services. We build an optimized cloud environment with Samsung Cloud Platform specialized for businesses, provide all-in-one management service based on 38 years of expertise in each industry, and boost work efficiency and customer service w
.png)
Zoom CyberSecurity News
December 17, 2025 08:00 AM
Blackwall aims to close cybersecurity gap among MSMEs
By Edg Adrian A. Eva, Reporter. LOCAL cybersecurity startup Blackwall Industries is focusing on micro, small and medium enterprises (MSMEs)...
December 15, 2025 08:00 AM
North Korean hackers use malicious Zoom calls to target crypto users on Telegram
North Korean hackers are increasingly using deceptive Zoom meetings to compromise victims and steal crypto assets, according to the...
December 15, 2025 08:00 AM
North Korea Linked Hackers Behind Surge in Zoom Scam Attacks
Security Alliance warned that North Korean hacking groups are increasingly using fake Zoom meetings to distribute malware.
December 09, 2025 08:00 AM
Zoom Rooms for Windows & macOS Exposed to Privilege Escalation and Data Disclosure Flaws
Zoom has released two critical security bulletins addressing significant vulnerabilities in Zoom Rooms on Windows and macOS.
December 09, 2025 08:00 AM
Zoom Rooms for Windows and macOS Flaws Enable Privilege Escalation and Sensitive Data Leaks
Zoom has disclosed two critical security vulnerabilities in its Zoom Rooms software for Windows and macOS, which could allow attackers with...
November 12, 2025 08:00 AM
Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates
Attackers now exploit AppleScript (.scpt) files to bypass macOS security, spreading fake Zoom and Teams installers as malware.
November 11, 2025 08:00 AM
Zoom Workplace for Windows Vulnerability Allows Users to Escalate Privileges
A new security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to escalate their...
November 11, 2025 08:00 AM
Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications.
November 11, 2025 08:00 AM
Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege
A vulnerability discovered in Zoom Workplace VDI Client for Windows that allow attackers to gain elevated privileges on affected systems.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Zoom CyberSecurity History Information
Official Website of Zoom
The official website of Zoom is https://www.zoom.com.
Zoom’s AI-Generated Cybersecurity Score
According to Rankiteo, Zoom’s AI-generated cybersecurity score is 798, reflecting their Fair security posture.
How many security badges does Zoom’ have ?
According to Rankiteo, Zoom currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Zoom been affected by any supply chain cyber incidents ?
According to Rankiteo, Zoom has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Zoom have SOC 2 Type 1 certification ?
According to Rankiteo, Zoom is not certified under SOC 2 Type 1.
Does Zoom have SOC 2 Type 2 certification ?
According to Rankiteo, Zoom does not hold a SOC 2 Type 2 certification.
Does Zoom comply with GDPR ?
According to Rankiteo, Zoom is not listed as GDPR compliant.
Does Zoom have PCI DSS certification ?
According to Rankiteo, Zoom does not currently maintain PCI DSS compliance.
Does Zoom comply with HIPAA ?
According to Rankiteo, Zoom is not compliant with HIPAA regulations.
Does Zoom have ISO 27001 certification ?
According to Rankiteo,Zoom is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Zoom
Zoom operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Zoom
Zoom employs approximately 12,708 people worldwide.
Subsidiaries Owned by Zoom
Zoom presently has no subsidiaries across any sectors.
Zoom’s LinkedIn Followers
Zoom’s official LinkedIn profile has approximately 643,210 followers.
NAICS Classification of Zoom
Zoom is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Zoom’s Presence on Crunchbase
No, Zoom does not have a profile on Crunchbase.
Zoom’s Presence on LinkedIn
Yes, Zoom maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/zoom.
Cybersecurity Incidents Involving Zoom
As of January 24, 2026, Rankiteo reports that Zoom has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Zoom has an estimated 38,514 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Zoom ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does Zoom detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with apply the latest patches, and containment measures with patch release (mmr module version 5.2.1716.0 or later), and remediation measures with apply patches immediately, and communication strategy with official guidance in zoom’s support documentation..
Incident Details
Can you provide details on each incident ?
Title: Zoom Client Vulnerabilities Enable DoS Attacks
Description: Two vulnerabilities (CVE-2025-49464 and CVE-2025-46789) discovered in Zoom Clients for Windows can enable attackers to launch Denial of Service (DoS) attacks.
Type: Vulnerability Exploitation
Attack Vector: Buffer Overflow
Vulnerability Exploited: CVE-2025-49464CVE-2025-46789
Motivation: Disruption of Service
Title: Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution
Description: A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation. The flaw affects Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising enterprise communication infrastructure. Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates.
Type: Vulnerability Exploitation
Attack Vector: Network
Vulnerability Exploited: CVE-2026-22844 (Command Injection)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Impact of the Incidents
What was the impact of each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Systems Affected: Zoom Workplace for WindowsZoom Workplace VDI for WindowsZoom Rooms for WindowsZoom Rooms Controller for WindowsZoom Meeting SDK for Windows
Operational Impact: Disruption of Communication Services
Incident : Vulnerability Exploitation ZOO1769023542
Data Compromised: Potential data exfiltration
Systems Affected: Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments
Operational Impact: Meeting manipulation, denial-of-service attacks
Which entities were affected by each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Entity Name: Zoom
Entity Type: Software Company
Industry: Communication Technology
Incident : Vulnerability Exploitation ZOO1769023542
Entity Name: Zoom
Entity Type: Technology Company
Industry: Software (Video Conferencing)
Customers Affected: Enterprises using Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Remediation Measures: Apply the latest patches
Incident : Vulnerability Exploitation ZOO1769023542
Containment Measures: Patch release (MMR module version 5.2.1716.0 or later)
Remediation Measures: Apply patches immediately
Communication Strategy: Official guidance in Zoom’s support documentation
Data Breach Information
What type of data was compromised in each breach ?
Incident : Vulnerability Exploitation ZOO1769023542
Data Exfiltration: Potential
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Apply the latest patches, Apply patches immediately.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by patch release (mmr module version 5.2.1716.0 or later).
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Lessons Learned: Ensuring that software is up to date is critical in safeguarding against potential exploits.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability Exploitation ZOO619070925
Recommendations: Stay vigilant about software updates to protect against buffer overflow issues.
Incident : Vulnerability Exploitation ZOO1769023542
Recommendations: Apply patches immediately to mitigate risks to confidentiality, integrity, and availability.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Ensuring that software is up to date is critical in safeguarding against potential exploits.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Apply patches immediately to mitigate risks to confidentiality, integrity, and availability. and Stay vigilant about software updates to protect against buffer overflow issues..
References
Where can I find more information about each incident ?
Incident : Vulnerability Exploitation ZOO1769023542
Source: Zoom Offensive Security
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Zoom Offensive SecurityUrl: Zoom’s support documentation.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Official guidance in Zoom’s support documentation.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Root Causes: Buffer overflow in Zoom products
Corrective Actions: Apply patches to affected Zoom products
Incident : Vulnerability Exploitation ZOO1769023542
Root Causes: Command injection flaw in Zoom Node MMRs
Corrective Actions: Patch deployment (MMR module version 5.2.1716.0 or later)
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Apply patches to affected Zoom products, Patch deployment (MMR module version 5.2.1716.0 or later).
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Potential data exfiltration.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Zoom Workplace for WindowsZoom Workplace VDI for WindowsZoom Rooms for WindowsZoom Rooms Controller for WindowsZoom Meeting SDK for Windows and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Patch release (MMR module version 5.2.1716.0 or later).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Potential data exfiltration.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Ensuring that software is up to date is critical in safeguarding against potential exploits.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Apply patches immediately to mitigate risks to confidentiality, integrity, and availability. and Stay vigilant about software updates to protect against buffer overflow issues..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Zoom Offensive Security.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is Zoom’s support documentation .
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Buffer overflow in Zoom products, Command injection flaw in Zoom Node MMRs.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Apply patches to affected Zoom products, Patch deployment (MMR module version 5.2.1716.0 or later).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=zoom' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
