Zoom patches critical Windows flaw allowing privilege escalation

Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted search path that could enable privilege escalation.

Cloud-based video conferencing and online collaboration platform Zoom addressed a critical security flaw, tracked as CVE-2025-49457 (CVSS score of 9.6) in Zoom Clients for Windows.

An unauthenticated user can exploit the vulnerability to conduct an escalation of privilege via network access.

“Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access,” reads the advisory published by the company.

The vulnerability impacts the following products:

  • Workplace for Windows before version 6.3.10
  • Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
  • Rooms for Windows before version 6.3.10
  • Rooms Controller for Windows before version 6.3.10
  • Meeting SDK for Windows before version 6.3.10
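As an added defender's check (not code from Zoom or from the advisory), the snippet below encodes the affected-version list above, including the two VDI maintenance releases the advisory excludes, and triages a software inventory against it. The inventory records are constructed sample data; on a real estate the product name and version string would come from your endpoint or software-inventory tooling, which this example assumes rather than queries.

```python
"""Triage installed Zoom Windows clients against the CVE-2025-49457
affected-version list. Version list is taken from the advisory; the
inventory data at the bottom is constructed for illustration."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Every affected product family is fixed in 6.3.10.
FIXED_VERSION = "6.3.10"

# Product -> exact releases below 6.3.10 that are explicitly NOT affected.
AFFECTED_PRODUCTS: Dict[str, Tuple[str, ...]] = {
    "Workplace for Windows": (),
    "Workplace VDI for Windows": ("6.1.16", "6.2.12"),
    "Rooms for Windows": (),
    "Rooms Controller for Windows": (),
    "Meeting SDK for Windows": (),
}


def parse_version(text: str) -> Version:
    """Turn '6.3.10' (or a build string such as '6.3.10.12345')
    into a tuple of ints so that versions compare numerically,
    not lexically ('6.3.9' must sort below '6.3.10')."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if the product/version pair falls inside the advisory's
    affected range. Products not in the advisory are reported as
    not affected by this CVE (they may still need other checks)."""
    if product not in AFFECTED_PRODUCTS:
        return False
    installed = parse_version(version)
    fixed = parse_version(FIXED_VERSION)
    # The excepted releases are exact major.minor.patch values; ignore
    # any trailing build number when matching them.
    for exception in AFFECTED_PRODUCTS[product]:
        if installed[:3] == parse_version(exception):
            return False
    # A build of 6.3.10 (e.g. 6.3.10.12345) compares >= (6, 3, 10).
    return installed < fixed


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the inventory records that still need the 6.3.10 update."""
    return [
        rec for rec in inventory
        if is_affected(rec["product"], rec["version"])
    ]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "ws-001", "product": "Workplace for Windows", "version": "6.3.9"},
    {"host": "ws-002", "product": "Workplace for Windows", "version": "6.3.10.1234"},
    {"host": "vdi-01", "product": "Workplace VDI for Windows", "version": "6.2.12.500"},
    {"host": "vdi-02", "product": "Workplace VDI for Windows", "version": "6.2.11"},
    {"host": "room-1", "product": "Rooms for Windows", "version": "6.1.0"},
    {"host": "mac-01", "product": "Zoom for macOS", "version": "6.0.0"},
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_INVENTORY):
        print(f"{rec['host']}: {rec['product']} {rec['version']} needs {FIXED_VERSION}")
```

The numeric tuple comparison matters in practice: a string comparison would wrongly rank "6.3.9" above "6.3.10", and the three-component match for the VDI exceptions keeps a 6.2.12 build with a trailing build number from being flagged as vulnerable.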

Vulnerabilities in popular software like Zoom are dangerous because these platforms run on millions of personal and business devices worldwide and often hold sensitive conversations, corporate data, and meeting recordings.

When a flaw like the CVE-2025-49457 privilege escalation bug exists, threat actors can:

  • Gain higher system privileges on a device running Zoom, letting them install malware, steal files, or control the system.
  • Bypass security controls that normally limit what software can do.
  • Move deeper into corporate networks, since many employees use Zoom on work devices connected to sensitive resources.

Attackers target Zoom because its massive global user base makes it high-value, and its status as trusted software means malicious actions carried out through it are less likely to raise suspicion. Additionally, Zoom can serve as an entry point into well-secured organizations that might otherwise offer few avenues for remote access.

In November 2024, Zoom addressed six vulnerabilities in its video conferencing and communication platform. Two of these vulnerabilities, tracked as CVE-2024-45421 and CVE-2024-45419, are high-severity issues that remote attackers could exploit to escalate privileges or leak sensitive information.

Pierluigi Paganini

(SecurityAffairs – hacking, privilege escalation)