Posting date: 2025/08/18

【Vulnerability Alert】Major Security Vulnerability in Zoom Client for Windows (CVE-2025-49457)

  • Subject: 【Vulnerability Alert】Major Security Vulnerability in Zoom Client for Windows (CVE-2025-49457)
  • Details:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000008
    • Zoom is a cross-platform cloud video conferencing application that supports multi-person online meetings, screen sharing, and meeting recording, making it suitable for remote work and teaching. Zoom recently published a security bulletin for a major vulnerability (CVE-2025-49457, CVSS: 9.6). An untrusted search path vulnerability exists in certain Zoom clients for Windows, which may allow an unauthenticated attacker to escalate privileges via network access.
  • Affected Platforms:
    • Zoom Workplace for Windows versions prior to 6.3.10
    • Zoom Workplace VDI for Windows versions prior to 6.3.10 (excluding 6.1.16 and 6.2.12)
    • Zoom Rooms for Windows versions prior to 6.3.10
    • Zoom Rooms Controller for Windows versions prior to 6.3.10
    • Zoom Meeting SDK for Windows versions prior to 6.3.10
  • Recommended Actions:
  • References:
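
The affected-version list above can be applied to a software inventory as follows. This is an added example, not code from the advisory or from Zoom. The inventory row format, the use of the advisory's product names as keys, and ignoring any build component after major.minor.patch are assumptions. Versions are compared as integer tuples because a plain string comparison would rank 6.3.9 above 6.3.10.

```python
import re

# Fixed release named in the advisory for every listed product.
FIXED = (6, 3, 10)
# Products from the advisory's "Affected Platforms" list, with the versions
# the advisory excludes (VDI only). Using these names as keys is an assumption.
AFFECTED = {
    "Zoom Workplace for Windows": set(),
    "Zoom Workplace VDI for Windows": {(6, 1, 16), (6, 2, 12)},
    "Zoom Rooms for Windows": set(),
    "Zoom Rooms Controller for Windows": set(),
    "Zoom Meeting SDK for Windows": set(),
}

def parse_version(text):
    """Return the leading major.minor.patch as an int tuple, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(product, version_text):
    """True/False per the advisory; None when the row cannot be judged."""
    excluded = AFFECTED.get(product)
    version = parse_version(version_text)
    if excluded is None or version is None:
        return None
    return version < FIXED and version not in excluded

def triage(rows):
    """Split (host, product, version) rows into affected and unknown hosts."""
    affected, unknown = [], []
    for host, product, version in rows:
        verdict = is_affected(product, version)
        if verdict is None:
            unknown.append(host)  # needs manual review, never assumed safe
        elif verdict:
            affected.append(host)
    return affected, unknown

# Constructed inventory rows (hostnames and versions are made up).
SAMPLE = [
    ("pc-01", "Zoom Workplace for Windows", "6.3.9"),
    ("pc-02", "Zoom Workplace for Windows", "6.3.10"),
    ("vdi-01", "Zoom Workplace VDI for Windows", "6.2.12"),
    ("vdi-02", "Zoom Workplace VDI for Windows", "6.2.11"),
    ("room-01", "Zoom Rooms for Windows", "6.3.10.5511"),
    ("pc-03", "Zoom Workplace for Windows", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows with an unrecognised product name or unparseable version are returned separately so they are reviewed rather than silently treated as unaffected.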

Regards,
Network Systems Group, Computer and Communications Center