CVE-2025-49457: 
Zoom Client vulnerability analysis and mitigation

CVE-2025-49457 is a critical security vulnerability discovered in Zoom Clients for Windows. The vulnerability was disclosed on August 12, 2025, and involves an untrusted search path that could allow privilege escalation. The affected products include Zoom Workplace for Windows, Zoom Workplace VDI for Windows, Zoom Rooms for Windows, Zoom Rooms Controller for Windows, and Zoom Meeting SDK for Windows, all versions before 6.3.10 (Zoom Bulletin, Hacker News).

The vulnerability has been assigned a Critical CVSS v3.1 score of 9.6 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. It is classified under CWE-426 (Untrusted Search Path). The flaw allows an unauthenticated user to conduct an escalation of privilege through network access by exploiting an untrusted search path in the affected Windows clients (Security Online, Zoom Bulletin).

The vulnerability enables attackers to potentially execute malicious code with elevated privileges by placing a malicious file in a location searched before the legitimate file path. This could lead to complete system compromise, allowing attackers to gain unauthorized access and control over affected systems (Security Online).

Zoom has released security updates to address this vulnerability. Users are strongly advised to immediately update their Zoom clients to version 6.3.10 or later through the official Zoom Download Center. For VDI environments, versions 6.1.16 and 6.2.12 also contain the fix (Zoom Bulletin).