InfoSecBulletin Cybersecurity for mankind
Zoom has released security updates for its Windows clients to fix two major vulnerabilities, CVE-2025-49456 and CVE-2025-49457, which could allow attackers to exploit race conditions and untrusted search paths.
The first flaw, CVE-2025-49456 (CVSS 6.2), is a race condition in the installer for certain Zoom Clients for Windows. According to Zoom, it “may allow an unauthenticated user to impact application integrity via local access.”
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
This means that a local attacker could potentially manipulate the installation process to alter or replace application files before they are properly secured, potentially enabling malicious code execution.
The second and more severe issue, CVE-2025-49457 (CVSS 9.6), is an untrusted search path vulnerability in certain Zoom Clients for Windows. Zoom warns that it “may allow an unauthenticated user to conduct an escalation of privilege via network access.”
By placing a malicious file in a location searched before the legitimate file path, an attacker—potentially over a network share—could trick the application into executing malicious code with elevated privileges.
Both vulnerabilities have been fixed in the latest releases. Zoom advises all users to immediately update their clients to the patched versions via the official Zoom Download Center.
