Zoom Clients for Windows - Untrusted Search Path
- ZSB-25030
- CVE-2025-49457
- Critical
- 9.6
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.
- Zoom Workplace for Windows before version 6.3.10
- Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
- Zoom Rooms for Windows before version 6.3.10
- Zoom Rooms Controller for Windows before version 6.3.10
- Zoom Meeting SDK for Windows before version 6.3.10
Reported by Zoom Offensive Security.
| Revision | Date | Description |
|---|---|---|
| 1.0 | 08/12/2025 | Initial publication. |