[Security Vulnerability Alert] A major security vulnerability (CVE-2025-49457) exists in the Zoom client for Windows.

[Security Vulnerability Alert] A major security vulnerability (CVE-2025-49457) exists in the Zoom client for Windows.

2025/8/18 ～ 2026/2/18

View Count：32

Forwarded by Taiwan Computer Network Crisis Management and Coordination Center (TWCERTCC-200-202508-00000008)

[Description]
Zoom is a cross-platform cloud-based video conferencing software that supports multi-person online meetings, screen sharing, and meeting recording, making it suitable for remote work and teaching. Zoom recently released a critical security vulnerability advisory (CVE-2025-49457, CVSS: 9.6). Some Windows versions of Zoom clients contain an untrusted search path vulnerability that could allow an unauthenticated attacker to escalate privileges via network access.

[Affected Platforms]
● Zoom Workplace for Windows versions prior to 6.3.10
● Zoom Workplace VDI for Windows versions prior to 6.3.10 (except 6.1.16 and 6.2.12)
● Zoom Rooms for Windows versions prior to 6.3.10
● Zoom Rooms Controller for Windows versions prior to 6.3.10
● Zoom Meeting SDK for Windows versions prior to 6.3.10

[Recommended Action]
Patch according to the workaround released on the official website.

https://www.zoom.com/en/trust/security-bulletin/zsb-25030/?lang=null&lang=null

[References]
https://www.twcert.org.tw/tw/cp-169-10323-6ea39-1.html

[Security Vulnerability Alert] A major security vulnerability (CVE-2025-49457) exists in the Zoom client for Windows.

2025/8/18 ～ 2026/2/18

View Count：32

Files

None

【Back】