CVE-2025-49457
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-09-08
Assigner: Zoom Video Communications, Inc.
Description
Description
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zoom | meeting_software_development_kit | to 6.3.10 (exc) |
| zoom | rooms | to 6.3.10 (exc) |
| zoom | rooms_controller | to 6.3.10 (exc) |
| zoom | workplace_desktop | to 6.3.10 (exc) |
| zoom | workplace_virtual_desktop_infrastructure | to 6.1.16 (exc) |
| zoom | workplace_virtual_desktop_infrastructure | From 6.2.10 (inc) to 6.2.12 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an untrusted search path issue in certain Zoom Clients for Windows. It may allow an unauthenticated user to escalate their privileges by exploiting network access, potentially gaining higher-level permissions than intended.
How can this vulnerability impact me? :
The vulnerability can lead to an escalation of privilege, meaning an attacker could gain unauthorized access or control over the affected system. This could result in significant security risks including data compromise, system manipulation, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70