Zoom Patches Critical Flaw (CVE-2025-49457): Windows Users Face Privilege Escalation Risk
Ddos 
Zoom has released security updates addressing two significant vulnerabilities in its Windows-based clientsβCVE-2025-49456 and CVE-2025-49457βthat could enable attackers to compromise systems through race conditions and untrusted search paths.
The first flaw, CVE-2025-49456 (CVSS 6.2), is a race condition in the installer for certain Zoom Clients for Windows. According to Zoom, it βmay allow an unauthenticated user to impact application integrity via local access.β
This means that a local attacker could potentially manipulate the installation process to alter or replace application files before they are properly secured, potentially enabling malicious code execution.
The second and more severe issue, CVE-2025-49457 (CVSS 9.6), is an untrusted search path vulnerability in certain Zoom Clients for Windows. Zoom warns that it βmay allow an unauthenticated user to conduct an escalation of privilege via network access.β
By placing a malicious file in a location searched before the legitimate file path, an attackerβpotentially over a network shareβcould trick the application into executing malicious code with elevated privileges.
Both vulnerabilities have been fixed in the latest releases. Zoom advises all users to immediately update their clients to the patched versions via the official Zoom Download Center.
Related Posts:
- Zoom Customers Advised to Update Software to Fix Security Vulnerabilities
- Zoom Patches 6 Flaws: DoS, Info Disclosure & XSS Across All Platforms
- Malicious VS Code Extension Masquerades as Zoom to Steal Chrome Cookies
- Fake Zoom, Real Ransom: Nine-Day Malware Intrusion Ends with BlackSuit Ransomware Blast
- Zoom Phishing Alert: Researcher Identifies New Threat Targeting Microsoft Accounts
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
