- 179/2025
- Critical
Zoom has released a security update to fix multiple vulnerabilities across Zoom Client for Windows.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, manipulate files, or gain elevated privileges on the affected system.
Sample of the addressed vulnerabilities:
1. Zoom Clients for Windows – Untrusted Search Path (CVE-2025-49457):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
2. Zoom Clients for Windows- Classic Buffer Overflow (CVE-2025-49465):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2025-49465
- CVE-2025-49457
- CVE-2025-49456
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.