
Zoom Clients for Windows untrusted search path privilege escalation (CVE-2025-49457)

Vulnerability

Summary


Zoom fixed CVE-2025-49457, a 9.6-severity untrusted search path flaw in Zoom Clients for Windows that could let an unauthenticated attacker escalate privileges via network access. The issue affects Zoom Workplace for Windows, Zoom Workplace VDI for Windows, Zoom Rooms for Windows, Zoom Rooms Controller for Windows, and Zoom Meeting SDK for Windows before 6.3.10. The patch narrows exposure for widely deployed Windows collaboration software.

Timeline

  1. 13.08.2025 16:19

    Zoom patches CVE-2025-49457 in Windows clients

    Mitigation Patch Update

    Zoom issued a security bulletin and fixed CVE-2025-49457, a 9.6-severity untrusted search path flaw in Zoom Clients for Windows that could let an unauthenticated user escalate privileges via network access. The issue affects Zoom Workplace for Windows before version 6.3.10, Zoom Workplace VDI for Windows before version 6.3.10 except 6.1.16 and 6.2.12, Zoom Rooms for Windows before version 6.3.10, Zoom Rooms Controller for Windows before version 6.3.10, and Zoom Meeting SDK for Windows before version 6.3.10.
