What is CVE-2025-49457 and why is it critical?

CVE-2025-49457 is a critical untrusted search path vulnerability with a CVSS score of 9.6 in Zoom Clients for Windows. It's caused by improper handling of DLL search paths within the Zoom client software. When the Zoom client loads dynamic link libraries without specifying absolute paths, attackers can place malicious DLL files in locations that are searched before legitimate libraries, causing the Zoom client to load and execute malicious code with the application's privileges.

How does the DLL search path vulnerability in Zoom work?

The vulnerability exploits Windows' standard DLL search order, which includes the application's directory, system directories, and directories listed in the PATH environment variable. This design flaw creates an opportunity for attackers to place malicious DLL files in locations that are searched before legitimate libraries, leading to code execution with the application's privileges.

What is CVE-2025-49456 and what can attackers do with it?

CVE-2025-49456 is a race condition vulnerability with a CVSS score of 6.2 in the installer for certain Zoom Clients for Windows. According to Zoom, it 'may allow an unauthenticated user to impact application integrity via local access.' This race condition could enable local attackers to manipulate the installation process, potentially altering or replacing application files before they are properly secured during the installation phase.

Which Zoom products are affected by these vulnerabilities?

Affected products include Zoom Workplace for Windows before version 6.3.10, Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12), Zoom Rooms for Windows before version 6.3.10, Zoom Rooms Controller for Windows before version 6.3.10, and Zoom Meeting SDK for Windows before version 6.3.10.

Are there any exceptions to the affected Zoom versions?

Yes, Zoom Workplace VDI for Windows versions 6.1.16 and 6.2.12 are exceptions and are not affected by these vulnerabilities, even though they are before the fixed version 6.3.10.

Who should prioritize updating their Zoom installations?

Organizations using Zoom Workplace, Zoom Rooms, or those building custom applications with the Zoom Meeting SDK should plan updating as a priority, especially given the critical nature of CVE-2025-49457 with its 9.6 CVSS score.

What makes CVE-2025-49457 particularly dangerous for organizations?

CVE-2025-49457 is particularly dangerous because it allows unauthenticated attackers to escalate privileges remotely with a high CVSS score of 9.6. The vulnerability can be exploited to execute malicious code with the application's privileges, potentially leading to system compromise.

Where can users download the updated Zoom software?

Users can download the latest updated versions of Zoom software at https://zoom.us/download to address these security vulnerabilities.

What is the difference in severity between the two Zoom vulnerabilities?

CVE-2025-49457 is critical with a CVSS score of 9.6 and allows remote privilege escalation by unauthenticated attackers, while CVE-2025-49456 is moderately severe with a CVSS score of 6.2 and requires local access to exploit the race condition in the installer.

Do these vulnerabilities affect Zoom products on other operating systems?

No, these specific vulnerabilities only affect Zoom's Windows-based client applications. The vulnerabilities are related to Windows-specific features like DLL search paths and Windows installer processes.

Advisory

Critical Zoom windows client vulnerabilities enable privilege escalation

Q: What vulnerabilities did Zoom patch in their Windows client applications?

Zoom patched multiple vulnerabilities affecting its Windows-based client applications, including CVE-2025-49457 (CVSS score 9.6) - an untrusted search path vulnerability that allows unauthenticated attackers to escalate privileges remotely, and CVE-2025-49456 (CVSS score 6.2) - a race condition in the installer that may allow an unauthenticated user to impact application integrity via local access.

Q: How can organizations fix these Zoom vulnerabilities?

Organizations should update all affected Zoom products to version 6.3.10 or later. Zoom has released updated versions of all affected products to address both vulnerabilities. Users can apply the latest updates available at https://zoom.us/download.

published: Aug. 13, 2025

Take action: The flaws are not trivial to abuse since they require local presence on the computer and specific conditions. On the other hand, Zoom tools are mostly trivial to upgrade. So just update Zoom and carry on. The "how scary it is" debate is useless.

Learn More

Zoom has patched multiple vulnerabilities affecting its Windows-based client applications, including a critical flaw that allows unauthenticated attackers to escalate privileges remotely.

Vulnerabilities summary:

CVE-2025-49457 (CVSS score 9.6) Untrusted search path vulnerability in Zoom Clients for Windows. The vulnerability is caused by improper handling of DLL search paths within the Zoom client software. When the Zoom client loads dynamic link libraries without specifying absolute paths, Windows follows its standard search order, which includes the application's directory, system directories, and any directories listed in the PATH environment variable. This design flaw creates an opportunity for attackers to place malicious DLL files in locations that are searched before legitimate libraries, causing the Zoom client to load and execute malicious code with the application's privileges.
CVE-2025-49456 (CVSS score 6.2) A race condition in the installer for certain Zoom Clients for Windows. According to Zoom, it "may allow an unauthenticated user to impact application integrity via local access". This race condition vulnerability could enable local attackers to manipulate the installation process, potentially altering or replacing application files before they are properly secured during the installation phase.

Affected versions:

Zoom Workplace for Windows before version 6.3.10,
Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12),
Zoom Rooms for Windows before version 6.3.10,
Zoom Rooms Controller for Windows before version 6.3.10,
Zoom Meeting SDK for Windows before version 6.3.10

Organizations using Zoom Workplace, Zoom Rooms or are building custom applications with the Zoom Meeting SDK should plan updating.

Zoom has released updated versions of all affected products to address both vulnerabilities. Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Critical Zoom windows client vulnerabilities enable privilege escalation

Read More
VLC Player warns of flaw allowing hackers to …
Microsoft July 2023 Patch Fixes 6 zero-day exploited …
Architectural flaw in Chromium Blink engine enables crashing …
WhatsApp vulnerability actively exploited in targeted spyware campaign
Researchers warn of critical flaw in iPadOS, macOS …