  {"id":2093,"date":"2025-08-22T13:29:16","date_gmt":"2025-08-22T17:29:16","guid":{"rendered":"https:\/\/www.yorku.ca\/uit\/infosec\/?p=2093"},"modified":"2025-08-22T13:41:08","modified_gmt":"2025-08-22T17:41:08","slug":"https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/","title":{"rendered":"Zoom client Vulnerability (CVE-2025-49457)"},"content":{"rendered":"\n<p>A new vulnerability has been identified in Zoom Clients for Windows (CVE-2025-49457) which could allow remote attackers to escalate privileges via an untrusted search path.<\/p>\n\n\n\n<p><strong>Severity level<\/strong><strong>&nbsp;<\/strong><\/p>\n\n\n\n<p>CVSS Score: 9.6\/Critical<\/p>\n\n\n\n<p><strong>Description<\/strong>:- Zoom is a widely used video conferencing and collaboration platform. CVE-2025-49457 is an untrusted search path vulnerability that arises from improper handling of DLL search paths in Zoom Clients for Windows. When the Zoom client loads dynamic link libraries without specifying absolute paths, Windows may load malicious DLLs placed in directories that are searched before legitimate ones. 
This flaw allows unauthenticated attackers to execute arbitrary code with the privileges of the Zoom application, potentially leading to full system compromise.&nbsp;<\/p>\n\n\n\n<p><strong>Affected Versions<\/strong><strong>&nbsp;:-&nbsp; &nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Zoom Workplace for Windows before version 6.3.10.<\/li>\n\n\n\n<li>Zoom Workplace VDI for Windows before version 6.3.10 (excluding versions 6.1.16 and 6.2.12).<\/li>\n\n\n\n<li>Zoom Rooms for Windows before version 6.3.10.<\/li>\n\n\n\n<li>Zoom Rooms Controller for Windows before version 6.3.10.<\/li>\n\n\n\n<li>Zoom Meeting SDK for Windows before version 6.3.10.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Impact:-<\/strong><\/p>\n\n\n\n<p>Successful exploitation may result in full system compromise.<\/p>\n\n\n\n<p><strong>Resolution:-<\/strong><\/p>\n\n\n\n<p>Please update to the following patched version: <strong>Zoom Clients for Windows version 6.3.10 or later<\/strong>.<\/p>\n\n\n\n<p><strong>Reference:-<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.zoom.com\/en\/trust\/security-bulletin\/zsb-25030\/?ampDeviceId=88bbbe3a-39c1-4b34-8b1f-1dc321ea2acc&amp;ampSessionId=1755869051484&amp;ampDeviceId=88bbbe3a-39c1-4b34-8b1f-1dc321ea2acc&amp;ampSessionId=1755869051484\">https:\/\/www.zoom.com\/en\/trust\/security-bulletin\/zsb-25030\/?ampDeviceId=88bbbe3a-39c1-4b34-8b1f-1dc321ea2acc&amp;ampSessionId=1755869051484&amp;ampDeviceId=88bbbe3a-39c1-4b34-8b1f-1dc321ea2acc&amp;ampSessionId=1755869051484<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/thehackernews.com\/2025\/08\/zoom-and-xerox-release-critical.html\">https:\/\/thehackernews.com\/2025\/08\/zoom-and-xerox-release-critical.html<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.wiz.io\/vulnerability-database\/cve\/cve-2025-49457\">https:\/\/www.wiz.io\/vulnerability-database\/cve\/cve-2025-49457<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new vulnerability has been identified in Zoom Clients for 
Windows (CVE-2025-49457) which could allow remote attackers to escalate privileges via an untrusted search path. Severity level&nbsp; CVSS Score: 9.6\/Critical Description:- Zoom is a widely used video conferencing and collaboration platform. CVE-2025-49457 is an untrusted search path vulnerability arises from improper handling of DLL search [&hellip;]<\/p>\n","protected":false},"author":2694,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","ngg_post_thumbnail":0,"footnotes":""},"categories":[31],"tags":[],"class_list":["post-2093","post","type-post","status-publish","format-standard","hentry","category-vulnerabilities"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Zoom client Vulnerability (CVE-2025-49457) - Information Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zoom client Vulnerability (CVE-2025-49457) - Information Security\" \/>\n<meta property=\"og:description\" content=\"A new vulnerability has been identified in Zoom Clients for Windows (CVE-2025-49457) which could allow remote attackers to escalate privileges via an untrusted search path. Severity level&nbsp; CVSS Score: 9.6\/Critical Description:- Zoom is a widely used video conferencing and collaboration platform. 
CVE-2025-49457 is an untrusted search path vulnerability arises from improper handling of DLL search [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/\" \/>\n<meta property=\"og:site_name\" content=\"Information Security\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-22T17:29:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-22T17:41:08+00:00\" \/>\n<meta name=\"author\" content=\"kasingh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"kasingh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/\"},\"author\":{\"name\":\"kasingh\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/person\\\/206ba07b2fdc716dbfb162fe95aa60ee\"},\"headline\":\"Zoom client Vulnerability 
(CVE-2025-49457)\",\"datePublished\":\"2025-08-22T17:29:16+00:00\",\"dateModified\":\"2025-08-22T17:41:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/\"},\"wordCount\":241,\"publisher\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-CA\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/\",\"name\":\"Zoom client Vulnerability (CVE-2025-49457) - Information Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#website\"},\"datePublished\":\"2025-08-22T17:29:16+00:00\",\"dateModified\":\"2025-08-22T17:41:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/#breadcrumb\"},\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2025\\\/08\\\/22\\\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\"},{\"@type\":\"ListItem\",\"posit
ion\":2,\"name\":\"Zoom client Vulnerability (CVE-2025-49457)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#website\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\",\"name\":\"Information Security\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-CA\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\",\"name\":\"Information Security\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2025\\\/05\\\/Image-4.png\",\"contentUrl\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2025\\\/05\\\/Image-4.png\",\"width\":1024,\"height\":1024,\"caption\":\"Information 
Security\"},\"image\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/person\\\/206ba07b2fdc716dbfb162fe95aa60ee\",\"name\":\"kasingh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g\",\"caption\":\"kasingh\"},\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/author\\\/kasingh\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zoom client Vulnerability (CVE-2025-49457) - Information Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/","og_locale":"en_US","og_type":"article","og_title":"Zoom client Vulnerability (CVE-2025-49457) - Information Security","og_description":"A new vulnerability has been identified in Zoom Clients for Windows (CVE-2025-49457) which could allow remote attackers to escalate privileges via an untrusted search path. Severity level&nbsp; CVSS Score: 9.6\/Critical Description:- Zoom is a widely used video conferencing and collaboration platform. 
CVE-2025-49457 is an untrusted search path vulnerability arises from improper handling of DLL search [&hellip;]","og_url":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/","og_site_name":"Information Security","article_published_time":"2025-08-22T17:29:16+00:00","article_modified_time":"2025-08-22T17:41:08+00:00","author":"kasingh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"kasingh","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/#article","isPartOf":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/"},"author":{"name":"kasingh","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/person\/206ba07b2fdc716dbfb162fe95aa60ee"},"headline":"Zoom client Vulnerability (CVE-2025-49457)","datePublished":"2025-08-22T17:29:16+00:00","dateModified":"2025-08-22T17:41:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/"},"wordCount":241,"publisher":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-CA"},{"@type":"WebPage","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/","url":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/","name":"Zoom client Vulnerability (CVE-2025-49457) - Information 
Security","isPartOf":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#website"},"datePublished":"2025-08-22T17:29:16+00:00","dateModified":"2025-08-22T17:41:08+00:00","breadcrumb":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/#breadcrumb"},"inLanguage":"en-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2025\/08\/22\/https-www-yorku-ca-uit-infosec-category-vulnerabilities-zoom-client-vulnerability-cve-2025-49457\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yorku.ca\/uit\/infosec\/"},{"@type":"ListItem","position":2,"name":"Zoom client Vulnerability (CVE-2025-49457)"}]},{"@type":"WebSite","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#website","url":"https:\/\/www.yorku.ca\/uit\/infosec\/","name":"Information Security","description":"","publisher":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yorku.ca\/uit\/infosec\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-CA"},{"@type":"Organization","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization","name":"Information 
Security","url":"https:\/\/www.yorku.ca\/uit\/infosec\/","logo":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/logo\/image\/","url":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2025\/05\/Image-4.png","contentUrl":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2025\/05\/Image-4.png","width":1024,"height":1024,"caption":"Information Security"},"image":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/person\/206ba07b2fdc716dbfb162fe95aa60ee","name":"kasingh","image":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/secure.gravatar.com\/avatar\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g","caption":"kasingh"},"url":"https:\/\/www.yorku.ca\/uit\/infosec\/author\/kasingh\/"}]}},"taxonomy_info":{"category":[{"value":31,"label":"Vulnerabilities"}]},"featured_image_src_large":false,"author_info":{"display_name":"kasingh","author_link":"https:\/\/www.yorku.ca\/uit\/infosec\/author\/kasingh\/"},"comment_info":0,"category_info":[{"term_id":31,"name":"Vulnerabilities","slug":"vulnerabilities","term_group":0,"term_taxonomy_id":31,"taxonomy":"category","description":"","parent":0,"count":17,"filter":"raw","cat_ID":31,"category_count":17,"category_description":"","cat_name":"Vulnerabilities","category_nicename":"vulnerabilities","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts"}],"ab
out":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/users\/2694"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/comments?post=2093"}],"version-history":[{"count":3,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2093\/revisions"}],"predecessor-version":[{"id":2100,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2093\/revisions\/2100"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/media?parent=2093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/categories?post=2093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/tags?post=2093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}