On Thursday October 27th 2022, Vimeo along with much of the tech industry became aware of the Zero-Day vulnerability (CVE 20223786) currently referred to as the “OpenSSL vulnerability.” A security patch for the vulnerability was released on Tuesday, November 1st, 2022. As of November 2nd, 2022, Vimeo has fully remediated this issue on our platform by identifying all affected hosts and patching anywhere the vulnerability existed.
Additionally, we have reached out to our impacted third parties, critical vendors, and strategic partners to evaluate their impact and remediation status in regards to the OpenSSL vulnerability. Due to the widespread nature of this vulnerability, we will continue to monitor the situation to continue to serve our users and community.