Zoom
Company Details
Linkedin ID:
zoom
Website:
Employees number:
12,708
Number of followers:
643,210
NAICS:
5415
Industry Type:
Homepage:
zoom.com
IP Addresses:
0
Company ID:
ZOO_2866788
Scan Status:
In-progress
Zoom Company CyberSecurity Posture
zoom.com
Bring teams together, reimagine workspaces, engage new audiences, and delight your customers –– all on the Zoom AI-first work platform you know and love. 💙 Zoomies help people stay connected so they can get more done together. We set out on a mission to make video communications frictionless and secure by building the world’s best video product for the enterprise, but we didn’t stop there. With products like AI Companion, Team Chat, Contact Center, Phone, Events, Rooms, Webinar, Contact Center and more, we bring innovation to a wide variety of customers, from the conference room to the classroom, from doctor’s offices to financial institutions to government agencies, from global brands to small businesses. We do what we do because of our core value of Care: care for our community, our customers, our company, our teammates, and ourselves. Our global employees help our customers meet happier, communicate better, and create meaningful connections the world over. Zoomies are problem-solvers and self-starters, working hard to get results and moving quickly to design solutions with our customers and users in mind. Here, you'll find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Learn more about careers at Zoom by visiting our careers site: https://careers.zoom.us/home
Zoom A.I CyberSecurity Scoring
Zoom Risk Score (AI oriented)Between 750 and 799
Zoom
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Zoom Global Score (TPRM)XXXX
Zoom
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Zoom Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Zoom
Vulnerability
Rankiteo Explanation
Attack without any consequences: Attack in which data is not compromised
Description: Recently, two vulnerabilities were discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. The vulnerabilities stem from a classic buffer overflow issue in the affected Zoom products. This flaw could enable an authorized user with network access to exploit the system, causing a DoS condition that disrupts service availability. The CVSS vector string for both issues indicates a high impact on availability, though confidentiality and integrity remain unaffected. The potential for disruption is significant for organizations relying on Zoom for communication. The vulnerabilities impact multiple Zoom products for Windows, with slight variations in affected versions between the two CVEs.
Zoom: Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
Vulnerability
Rankiteo Explanation
Attack threatening the organization's existence
Description: Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation. The flaw affects Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising enterprise communication infrastructure. Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates. The vulnerability was identified by Zoom Offensive Security, with affected organizations advised to apply fixes immediately to mitigate risks to confidentiality, integrity, and availability. Official guidance for patching is available in Zoom’s support documentation.
Zoom Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Zoom
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Zoom in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Zoom in 2026.
Incident Types Zoom vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Zoom in 2026.
Incident History — Zoom (X = Date, Y = Severity)
Zoom cyber incidents detection timeline including parent company and subsidiaries
Zoom Company Subsidiaries
Bring teams together, reimagine workspaces, engage new audiences, and delight your customers –– all on the Zoom AI-first work platform you know and love. 💙 Zoomies help people stay connected so they can get more done together. We set out on a mission to make video communications frictionless and secure by building the world’s best video product for the enterprise, but we didn’t stop there. With products like AI Companion, Team Chat, Contact Center, Phone, Events, Rooms, Webinar, Contact Center and more, we bring innovation to a wide variety of customers, from the conference room to the classroom, from doctor’s offices to financial institutions to government agencies, from global brands to small businesses. We do what we do because of our core value of Care: care for our community, our customers, our company, our teammates, and ourselves. Our global employees help our customers meet happier, communicate better, and create meaningful connections the world over. Zoomies are problem-solvers and self-starters, working hard to get results and moving quickly to design solutions with our customers and users in mind. Here, you'll find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Learn more about careers at Zoom by visiting our careers site: https://careers.zoom.us/home
Loading...
Zoom Similar Companies
HGS
A global leader in optimizing the customer experience lifecycle, digital transformation, and business process management, HGS is helping its clients become more competitive every day. HGS combines automation, analytics, and artificial intelligence with deep domain expertise focusing on digital custo
SoftServe
SoftServe is a premier IT consulting and digital services provider. We expand the horizon of new technologies to solve today's complex business challenges and achieve meaningful outcomes for our clients. Our boundless curiosity drives us to explore and reimagine the art of the possible. Clients conf
Avanade
Avanade is the world’s leading expert on Microsoft. Trusted by over 7,000 clients worldwide, we deliver AI-driven solutions that unlock the full potential of people and technology, optimize operations, foster innovation and drive growth. As Microsoft’s Global SI Partner we combine global scale with
Amazon Web Services (AWS)
Launched in 2006, Amazon Web Services (AWS) began exposing key infrastructure services to businesses in the form of web services -- now widely known as cloud computing. The ultimate benefit of cloud computing, and AWS, is the ability to leverage a new business model and turn capital infrastructure e
AlmavivA Experience
Líder em transformação digital nos mercados de Customer Experience e Debt Collection na América Latina. Combinamos tecnologia, inteligência e excelência operacional para entregar soluções completas que antecipam as necessidades dos nossos Clientes. São mais de 530 milhões de interações anuais, met
Gainwell Technologies
For 50 years, our nation’s federal Medicaid program has worked to improve the health, safety and well-being of America’s most vulnerable populations: low-income families, women and children, seniors, and those with disabilities. With positive health and cost outcomes that pierce inequities and impac
Ricoh USA, Inc.
At Ricoh, we bring people, processes, and technology together to make information work for you. We unlock the power of information so organizations can unlock the full potential of their people. We're a leader in information management and digital services, creating competitive advantage for over 1.
Serco
We bring together the right people, the right technology and the right partners to create innovative solutions that make positive impact and address some of the most urgent and complex challenges facing the modern world. With a focus on serving governments globally, Serco’s services span justice,
In the era of AI, your data is your advantage. Yet too often it remains untapped: disconnected from systems, underutilized, untrained, and exposed to risk. Iron Mountain is the trusted partner for organizations of all sizes to unlock what’s possible, transforming information into intelligence and as
.png)
Zoom CyberSecurity News
December 17, 2025 08:00 AM
Blackwall aims to close cybersecurity gap among MSMEs
By Edg Adrian A. Eva, Reporter. LOCAL cybersecurity startup Blackwall Industries is focusing on micro, small and medium enterprises (MSMEs)...
December 15, 2025 08:00 AM
North Korean hackers use malicious Zoom calls to target crypto users on Telegram
North Korean hackers are increasingly using deceptive Zoom meetings to compromise victims and steal crypto assets, according to the...
December 15, 2025 08:00 AM
North Korea Linked Hackers Behind Surge in Zoom Scam Attacks
Security Alliance warned that North Korean hacking groups are increasingly using fake Zoom meetings to distribute malware.
December 09, 2025 08:00 AM
Zoom Rooms for Windows & macOS Exposed to Privilege Escalation and Data Disclosure Flaws
Zoom has released two critical security bulletins addressing significant vulnerabilities in Zoom Rooms on Windows and macOS.
December 09, 2025 08:00 AM
Zoom Rooms for Windows and macOS Flaws Enable Privilege Escalation and Sensitive Data Leaks
Zoom has disclosed two critical security vulnerabilities in its Zoom Rooms software for Windows and macOS, which could allow attackers with...
November 12, 2025 08:00 AM
Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates
Attackers now exploit AppleScript (.scpt) files to bypass macOS security, spreading fake Zoom and Teams installers as malware.
November 11, 2025 08:00 AM
Zoom Workplace for Windows Vulnerability Allows Users to Escalate Privileges
A new security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to escalate their...
November 11, 2025 08:00 AM
Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications.
November 11, 2025 08:00 AM
Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege
A vulnerability discovered in Zoom Workplace VDI Client for Windows that allow attackers to gain elevated privileges on affected systems.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Zoom CyberSecurity History Information
Official Website of Zoom
The official website of Zoom is https://www.zoom.com.
Zoom’s AI-Generated Cybersecurity Score
According to Rankiteo, Zoom’s AI-generated cybersecurity score is 798, reflecting their Fair security posture.
How many security badges does Zoom’ have ?
According to Rankiteo, Zoom currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Zoom been affected by any supply chain cyber incidents ?
According to Rankiteo, Zoom has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Zoom have SOC 2 Type 1 certification ?
According to Rankiteo, Zoom is not certified under SOC 2 Type 1.
Does Zoom have SOC 2 Type 2 certification ?
According to Rankiteo, Zoom does not hold a SOC 2 Type 2 certification.
Does Zoom comply with GDPR ?
According to Rankiteo, Zoom is not listed as GDPR compliant.
Does Zoom have PCI DSS certification ?
According to Rankiteo, Zoom does not currently maintain PCI DSS compliance.
Does Zoom comply with HIPAA ?
According to Rankiteo, Zoom is not compliant with HIPAA regulations.
Does Zoom have ISO 27001 certification ?
According to Rankiteo,Zoom is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Zoom
Zoom operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Zoom
Zoom employs approximately 12,708 people worldwide.
Subsidiaries Owned by Zoom
Zoom presently has no subsidiaries across any sectors.
Zoom’s LinkedIn Followers
Zoom’s official LinkedIn profile has approximately 643,210 followers.
NAICS Classification of Zoom
Zoom is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Zoom’s Presence on Crunchbase
No, Zoom does not have a profile on Crunchbase.
Zoom’s Presence on LinkedIn
Yes, Zoom maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/zoom.
Cybersecurity Incidents Involving Zoom
As of January 25, 2026, Rankiteo reports that Zoom has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Zoom has an estimated 38,513 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Zoom ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does Zoom detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with apply the latest patches, and containment measures with patch release (mmr module version 5.2.1716.0 or later), and remediation measures with apply patches immediately, and communication strategy with official guidance in zoom’s support documentation..
Incident Details
Can you provide details on each incident ?
Title: Zoom Client Vulnerabilities Enable DoS Attacks
Description: Two vulnerabilities (CVE-2025-49464 and CVE-2025-46789) discovered in Zoom Clients for Windows can enable attackers to launch Denial of Service (DoS) attacks.
Type: Vulnerability Exploitation
Attack Vector: Buffer Overflow
Vulnerability Exploited: CVE-2025-49464CVE-2025-46789
Motivation: Disruption of Service
Title: Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution
Description: A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation. The flaw affects Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising enterprise communication infrastructure. Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates.
Type: Vulnerability Exploitation
Attack Vector: Network
Vulnerability Exploited: CVE-2026-22844 (Command Injection)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Impact of the Incidents
What was the impact of each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Systems Affected: Zoom Workplace for WindowsZoom Workplace VDI for WindowsZoom Rooms for WindowsZoom Rooms Controller for WindowsZoom Meeting SDK for Windows
Operational Impact: Disruption of Communication Services
Incident : Vulnerability Exploitation ZOO1769023542
Data Compromised: Potential data exfiltration
Systems Affected: Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments
Operational Impact: Meeting manipulation, denial-of-service attacks
Which entities were affected by each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Entity Name: Zoom
Entity Type: Software Company
Industry: Communication Technology
Incident : Vulnerability Exploitation ZOO1769023542
Entity Name: Zoom
Entity Type: Technology Company
Industry: Software (Video Conferencing)
Customers Affected: Enterprises using Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Remediation Measures: Apply the latest patches
Incident : Vulnerability Exploitation ZOO1769023542
Containment Measures: Patch release (MMR module version 5.2.1716.0 or later)
Remediation Measures: Apply patches immediately
Communication Strategy: Official guidance in Zoom’s support documentation
Data Breach Information
What type of data was compromised in each breach ?
Incident : Vulnerability Exploitation ZOO1769023542
Data Exfiltration: Potential
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Apply the latest patches, Apply patches immediately.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by patch release (mmr module version 5.2.1716.0 or later).
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Lessons Learned: Ensuring that software is up to date is critical in safeguarding against potential exploits.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability Exploitation ZOO619070925
Recommendations: Stay vigilant about software updates to protect against buffer overflow issues.
Incident : Vulnerability Exploitation ZOO1769023542
Recommendations: Apply patches immediately to mitigate risks to confidentiality, integrity, and availability.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Ensuring that software is up to date is critical in safeguarding against potential exploits.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Apply patches immediately to mitigate risks to confidentiality, integrity, and availability. and Stay vigilant about software updates to protect against buffer overflow issues..
References
Where can I find more information about each incident ?
Incident : Vulnerability Exploitation ZOO1769023542
Source: Zoom Offensive Security
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Zoom Offensive SecurityUrl: Zoom’s support documentation.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Official guidance in Zoom’s support documentation.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability Exploitation ZOO619070925
Root Causes: Buffer overflow in Zoom products
Corrective Actions: Apply patches to affected Zoom products
Incident : Vulnerability Exploitation ZOO1769023542
Root Causes: Command injection flaw in Zoom Node MMRs
Corrective Actions: Patch deployment (MMR module version 5.2.1716.0 or later)
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Apply patches to affected Zoom products, Patch deployment (MMR module version 5.2.1716.0 or later).
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Potential data exfiltration.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Zoom Workplace for WindowsZoom Workplace VDI for WindowsZoom Rooms for WindowsZoom Rooms Controller for WindowsZoom Meeting SDK for Windows and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Patch release (MMR module version 5.2.1716.0 or later).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Potential data exfiltration.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Ensuring that software is up to date is critical in safeguarding against potential exploits.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Apply patches immediately to mitigate risks to confidentiality, integrity, and availability. and Stay vigilant about software updates to protect against buffer overflow issues..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Zoom Offensive Security.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is Zoom’s support documentation .
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Buffer overflow in Zoom products, Command injection flaw in Zoom Node MMRs.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Apply patches to affected Zoom products, Patch deployment (MMR module version 5.2.1716.0 or later).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=zoom' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
