
Zoom client Vulnerability (CVE-2025-49457)

A new vulnerability has been identified in Zoom Clients for Windows (CVE-2025-49457) which could allow remote attackers to escalate privileges via an untrusted search path.

Severity level:-

CVSS Score: 9.6/Critical

Description:- Zoom is a widely used video conferencing and collaboration platform. CVE-2025-49457 is an untrusted search path vulnerability that arises from improper handling of DLL search paths in Zoom Clients for Windows. When the Zoom client loads dynamic link libraries without specifying absolute paths, Windows may load malicious DLLs placed in directories that are searched before the legitimate ones. This flaw allows unauthenticated attackers to execute arbitrary code with the privileges of the Zoom application, potentially leading to full system compromise.
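The description above explains the mechanism from the attacker's side: a DLL is loaded by name and Windows resolves it from a directory the attacker controls. From the endpoint, the same event looks like the Zoom process loading a DLL from outside its own install directory or the Windows system directories, or loading an unsigned image. The following is an added detection sketch, not code from the advisory or from Zoom; it assumes image-load records shaped like Sysmon Event ID 7 (Image, ImageLoaded, Signed) and treats an install root under the user's AppData\Roaming\Zoom\bin as the legitimate location, which is an assumption rather than an authoritative path. The sample events are constructed.

```python
"""Detection sketch for DLL search-order hijacking against a Windows client.

Added example (not from the advisory).  Assumptions: events are Sysmon
Event ID 7 (ImageLoad) records reduced to a few fields, and the legitimate
Zoom install root is the AppData\\Roaming\\Zoom\\bin directory below.
"""
from pathlib import PureWindowsPath

# Directories from which any process is expected to load DLLs.
SYSTEM_ROOTS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)

# Assumed install location (typical per-user layout, not an authoritative value).
INSTALL_ROOT = r"C:\Users\alice\AppData\Roaming\Zoom\bin"


def _under(path, root):
    """True if `path` lies inside directory `root` (case-insensitive)."""
    p = PureWindowsPath(path.lower())
    r = PureWindowsPath(root.lower())
    try:
        p.relative_to(r)
        return True
    except ValueError:
        return False


def suspicious_dll_loads(events, process_name, install_root):
    """Return image loads by `process_name` that came from an untrusted
    directory (not the install root and not a system directory) or that
    are unsigned.  Either is what a search-path hijack looks like on the host."""
    flagged = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        if PureWindowsPath(ev["Image"]).name.lower() != process_name.lower():
            continue
        loaded = ev["ImageLoaded"]
        trusted_dir = _under(loaded, install_root) or any(
            _under(loaded, root) for root in SYSTEM_ROOTS
        )
        unsigned = str(ev.get("Signed", "false")).lower() != "true"
        if not trusted_dir or unsigned:
            reasons = []
            if not trusted_dir:
                reasons.append("untrusted directory")
            if unsigned:
                reasons.append("unsigned image")
            flagged.append({"ImageLoaded": loaded, "reason": ", ".join(reasons)})
    return flagged


# Constructed sample events; DLL names are placeholders, not real Zoom modules.
ZOOM_EXE = INSTALL_ROOT + r"\Zoom.exe"
SAMPLE_EVENTS = [
    # Normal: DLL from the install directory, signed.
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": INSTALL_ROOT + r"\somelib.dll", "Signed": "true"},
    # Normal: system DLL.
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    # Hijack pattern: same DLL name resolved from a user-writable folder, unsigned.
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": r"C:\Users\alice\Downloads\somelib.dll", "Signed": "false"},
    # Different process: out of scope for this rule.
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe", "ImageLoaded": r"C:\Users\alice\Downloads\somelib.dll", "Signed": "false"},
    # Tampered install directory: right place, but the image is unsigned.
    {"EventID": 7, "Image": ZOOM_EXE, "ImageLoaded": INSTALL_ROOT + r"\otherlib.dll", "Signed": "false"},
]


def run_sample():
    """Apply the rule to the constructed events."""
    return suspicious_dll_loads(SAMPLE_EVENTS, "Zoom.exe", INSTALL_ROOT)


if __name__ == "__main__":
    for hit in run_sample():
        print(f"{hit['ImageLoaded']}: {hit['reason']}")
```

The rule deliberately flags the unsigned-in-install-directory case as well as the wrong-directory case: a patched client still loads from the same search path, so the install directory's write permissions and the signatures of what sits in it are worth checking alongside the version.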

Affected Versions:-

  • Zoom Workplace for Windows before version 6.3.10.
  • Zoom Workplace VDI for Windows before version 6.3.10 (excluding versions 6.1.16 and 6.2.12).
  • Zoom Rooms for Windows before version 6.3.10.
  • Zoom Rooms Controller for Windows before version 6.3.10.
  • Zoom Meeting SDK for Windows before version 6.3.10.
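The affected-version list has one wrinkle that a naive "less than 6.3.10" check misses: for Zoom Workplace VDI, 6.1.16 and 6.2.12 are excluded even though they sort below 6.3.10. The following is an added inventory triage helper, not code from the advisory; the fixed version and the VDI exclusions are the advisory's values, while the product labels, the parsing helper and the decision to compare only the first three version components (ignoring a trailing build number) are assumptions. The sample inventory is constructed.

```python
"""Inventory triage for CVE-2025-49457 (added example, not from the advisory).

Assumptions: product labels below are ours; versions are compared on their
first three numeric components, so a trailing build number is ignored.
"""

# Patched version per the advisory.
FIXED = (6, 3, 10)

# Workplace VDI builds the advisory explicitly excludes from the affected range.
VDI_EXCLUDED = {(6, 1, 16), (6, 2, 12)}

WINDOWS_PRODUCTS = {"Workplace", "Workplace VDI", "Rooms", "Rooms Controller", "Meeting SDK"}


def parse_version(text):
    """'6.3.10.1234' -> (6, 3, 10).  Tuples, not strings, so that
    6.10.x correctly sorts above 6.3.x."""
    parts = [int(p) for p in text.strip().split(".") if p.isdigit()]
    if len(parts) < 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(parts[:3])


def is_affected(product, version):
    """True if this Windows product/version falls in the advisory's affected range."""
    if product not in WINDOWS_PRODUCTS:
        raise ValueError(f"unknown product label: {product!r}")
    v = parse_version(version)
    if product == "Workplace VDI" and v in VDI_EXCLUDED:
        return False
    return v < FIXED


def triage(inventory):
    """inventory: iterable of (host, product, version) -> hosts that need the update."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory.
SAMPLE_INVENTORY = [
    ("ws-01", "Workplace", "6.3.9"),
    ("ws-02", "Workplace", "6.3.10"),
    ("vdi-01", "Workplace VDI", "6.2.12"),      # excluded by the advisory
    ("vdi-02", "Workplace VDI", "6.2.11"),      # still affected
    ("room-01", "Rooms", "6.3.10.1234"),        # build suffix ignored
    ("sdk-01", "Meeting SDK", "5.17.0"),
]

if __name__ == "__main__":
    print("needs update:", ", ".join(triage(SAMPLE_INVENTORY)))
```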

Impact:-

Successful exploitation may result in full system compromise.

Resolution:-

Please update to the following patched version: Zoom Clients for Windows version 6.3.10 or later.

Reference:-

https://www.zoom.com/en/trust/security-bulletin/zsb-25030/

https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html

https://www.wiz.io/vulnerability-database/cve/cve-2025-49457