Untrusted Search Path Vulnerability in Zoom Clients for Windows
CVE-2025-49457

9.6 CRITICAL

Key Information:

Vendor
CVE Published: 12 August 2025

What is CVE-2025-49457?

Certain Zoom Clients for Windows contain an untrusted search path vulnerability. The flaw may allow an unauthenticated user to gain elevated privileges on the system via network access. Zoom has addressed this issue, and users are advised to update their clients to the latest version to mitigate the risk.

Affected Version(s)

Zoom Clients for Windows (platform: Windows): see references

References

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
