CVE-2024-27239

4.3 MEDIUM

📋 TL;DR

A use-after-free vulnerability in Zoom Workplace Apps and SDKs allows authenticated users to cause denial of service through network access. This affects users of vulnerable Zoom applications who have network connectivity to the affected systems. The vulnerability requires authentication but could disrupt service availability.

💻 Affected Systems

Products:
  • Zoom Workplace Apps
  • Zoom SDKs
Versions: Specific versions not detailed in advisory; check Zoom security bulletin ZSB-24018
Operating Systems: Windows, macOS, Linux, iOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; affects both client applications and SDK integrations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption for Zoom applications, requiring restart or reinstallation of affected software.

🟠 Likely Case

Temporary application crashes or instability affecting individual users or small groups.

🟢 If Mitigated

Minimal impact with proper network segmentation and authentication controls limiting exploit scope.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and network connectivity; use-after-free vulnerabilities typically require specific conditions to trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-24018 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24018/

Restart Required: Yes

Instructions:

1. Visit Zoom security bulletin ZSB-24018.
2. Identify affected products and versions.
3. Update to the latest patched versions.
4. Restart applications/services.

🔧 Temporary Workarounds

Network Segmentation (all)

Restrict network access to Zoom applications to trusted users only.

Authentication Controls (all)

Implement strong authentication and limit user privileges.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor for abnormal application crashes or denial of service patterns

🔍 How to Verify

Check if Vulnerable:

Check application version against Zoom security bulletin ZSB-24018

Check Version:

Zoom applications: check the About or Settings menu; SDKs: check the integration documentation for the bundled SDK version.

Verify Fix Applied:

Verify application version matches or exceeds patched versions listed in ZSB-24018

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Memory access violation errors
  • Denial of service events

Network Indicators:

  • Unusual network patterns to Zoom applications
  • Multiple authentication attempts

SIEM Query:

source="zoom" AND (event_type="crash" OR event_type="dos")
