Zoom has revealed a serious vulnerability affecting several Windows-based clients that could let attackers gain elevated access and compromise systems. Labeled CVE-2025-49457, the flaw has a CVSS score of 9.6, making it critical due to its potential impact on data, system integrity, and availability.
The issue stems from an untrusted search path, allowing attackers to exploit it remotely if users click malicious links or open infected files. No privileges are required, and the attack is low in complexity.
Affected versions include:
- Zoom Workplace for Windows before 6.3.10
- Zoom Workplace VDI for Windows before 6.3.10 (except 6.1.16 and 6.2.12)
- Zoom Rooms and Zoom Rooms Controller for Windows before 6.3.10
- Zoom Meeting SDK for Windows before 6.3.10
Users are strongly advised to update immediately. Zoom’s Offensive Security team discovered the flaw and emphasized the risks of privilege escalation, which could lead to malware installation or data theft.
With remote work still widespread, the impact could be significant. Zoom recommends enabling automatic updates, using antivirus software, and avoiding suspicious links. This incident serves as a reminder of the importance of regular updates and user awareness in defending against cyber threats.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
