Critical Zoom Vulnerability on Windows Allows Attackers to Escalate Privileges

Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, identified as CVE-2025-49457 under bulletin ZSB-25030. This flaw has a CVSS score of 9.6, categorising it as critical due to its significant impact on confidentiality, integrity, and availability. The vulnerability arises from an untrusted search path in specific Zoom Clients for Windows, allowing unauthenticated attackers to exploit the flaw over a network. This exploitation requires minimal user interaction, such as clicking a malicious link or opening a compromised file. The CVSS vector string indicates that no privileges are necessary, the complexity is low, and the potential for impact is high, leading to risks of data theft, system tampering, or complete takeover. Affected products include Zoom Workplace for Windows, Zoom Workplace VDI for Windows, Zoom Rooms for Windows, Zoom Rooms Controller for Windows, and Zoom Meeting SDK for Windows, all prior to version 6.3.10. Users of these outdated versions are strongly urged to update immediately to mitigate risks.

Discovered and reported by Zoom’s Offensive Security team, this vulnerability highlights ongoing challenges in software security, particularly regarding path-handling mechanisms in Windows environments. Untrusted search paths occur when applications load files from insecure directories, enabling malicious actors to inject harmful DLLs or executables. In this case, privilege escalation could allow attackers to gain elevated access, potentially leading to malware installation, sensitive data access, or service disruption. The implications are severe for Zoom’s extensive user base, which includes businesses, educators, and individuals relying on the platform for virtual meetings. With remote work still prevalent in 2025, such vulnerabilities could result in widespread breaches, undermining trust in video conferencing tools. Zoom has responded promptly, advising users to download the latest updates from its official site. A spokesperson emphasised that applying these patches is crucial for maintaining security. Additional protective measures include enabling automatic updates, using antivirus software, and avoiding suspicious links. This incident underscores the importance of proactive security practices, as regular updates and vigilance remain essential defences against exploitation. Organisations should review their Zoom deployments and educate users on safe practices to prevent potential incidents. 

Categories: Cybersecurity Vulnerability, Software Update Best Practices, Remote Work Security Risks 

Tags: Vulnerability, Zoom, Windows, CVE-2025-49457, Privilege Escalation, CVSS, Security, Update, Malware, Cyber Threats