Zoom Clients for Windows- Race Condition

Bulletin: ZSB-25029
CVEID: CVE-2025-49456
CVSS Severity: Medium
CVSS Score: 6.2
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description:

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Windows before version 6.4.10
Zoom Workplace VDI for Windows before version 6.3.12 (except 6.2.15)
Zoom Rooms for Windows before version 6.4.5
Zoom Rooms Controller for Windows before version 6.4.5
Zoom Meeting SDK for Windows before version 6.4.10

Source:

Reported by sim0nsecurity.

Revision	Date	Description
1.0	08/12/2025	Initial publication.

Zoom Clients for Windows- Race Condition

Subscribe for updates