Zoom Patches Critical Windows Flaw Allowing Privilege Escalation

In a recent update, Zoom has fixed a critical security flaw in its Windows client software (CVE-2025-49457, CVSS 9.6) that could enable privilege escalation via network access.

The vulnerability, tracked as CVE-2025-49457, is an untrusted search path issue that allows an unauthenticated user to conduct an escalation of privilege via network access. According to the advisory published by Zoom, "Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access."

The impact of this vulnerability is significant, as it affects millions of personal and business devices worldwide that rely on Zoom for cloud-based video conferencing and online collaboration. Sensitive conversations, corporate data, and meeting recordings are often stored on these platforms, making them vulnerable to exploitation.

Threat actors target Zoom due to its massive global user base and status as trusted software, which makes malicious actions through it less likely to raise suspicion. Additionally, Zoom can serve as an entry point into well-secured organizations that might otherwise have limited avenues for remote access.

In November 2024, Zoom addressed six vulnerabilities in its video conferencing and communication platform. Two of these vulnerabilities, tracked as CVE-2024-45421 and CVE-2024-45419, are high-severity issues that remote attackers could exploit to escalate privileges or leak sensitive information.

Why Zoom is a High-Value Target

Zoom's massive global user base makes it a high-value target for threat actors. Its status as trusted software means malicious actions through it are less likely to raise suspicion, allowing attackers to go undetected for longer periods.

Additionally, Zoom can serve as an entry point into well-secured organizations that might otherwise have limited avenues for remote access. This makes it essential for individuals and organizations to stay vigilant and address any security vulnerabilities promptly.

Stay Safe with Zoom

To protect yourself from this vulnerability, make sure you keep your Zoom software up-to-date. Regularly review the changelog and patch notes to ensure you have the latest security fixes.

Additionally, be cautious when using public Wi-Fi networks or unsecured devices to access Zoom. Consider using a virtual private network (VPN) to encrypt your internet traffic and protect your data.

By staying informed and taking proactive steps to secure your Zoom account, you can minimize the risk of falling victim to this vulnerability.

Follow Us for More Security Updates

Stay ahead of the latest security threats by following us on Twitter (@securityaffairs), Facebook, and Mastodon. We'll keep you informed about the latest vulnerabilities and provide expert advice on how to protect yourself online.