Zoom patches worrying security Windows flaw - make sure you're protected, update now


  • Zoom warns multiple versions of its Windows client are vulnerable
  • A security flaw can be used to fully take over target endpoints
  • Zoom advises patching immediately, so users should update now

Zoom has patched a critical severity vulnerability which could have allowed threat actors to escalate their privileges over the network.

The company found that its Windows application doesn’t always use explicit full paths when loading dynamic-link libraries (DLLs). Instead, it relies on Windows’ default DLL search order, which means that if an attacker were to place a malicious DLL in a location the loader searches first, Zoom may load and execute it. It is similar to the Bring-Your-Own-Vulnerable-Driver type of attack, although not identical.

So, if the DLL triggers the installation of persistent malware such as backdoors or ransomware, and if Zoom runs with elevated privileges, the threat actors could, in theory, take over the entire endpoint.


In other scenarios, the vulnerability could be used to harvest sensitive files such as meeting recordings, contact lists, credentials, and similar. Attackers could also pivot deeper into the corporate network, reaching domain controllers or other high-value systems.

The worst part about abusing this flaw is that it does not require any authentication, and the attack can be described as low in complexity. All the threat actors need is a path that the target device trusts; no advanced skills are required, just placing the malicious DLL in a strategic location.

The vulnerability, affecting the Windows client, is tracked as CVE-2025-49457, and carries a severity score of 9.6/10 (critical).

Zoom’s prevalence in the business world, especially since the Covid-19 pandemic, means the attack surface is quite large.

Affected products include Zoom Workplace for Windows before version 6.3.10, Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12), Zoom Rooms for Windows before version 6.3.10, Zoom Rooms Controller for Windows before version 6.3.10, and Zoom Meeting SDK for Windows before version 6.3.10.

A patch is already available, and users are advised to apply it as soon as possible.
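The following PowerShell script is an added example for administrators, not code from the article or from Zoom. It checks the two conditions the article describes on a single host: whether the installed Zoom client is below the fixed version (6.3.10, as reported above), and whether any directory in the DLL search path the client would use (its own install directory plus each PATH entry) can be written to by standard users. The install path `$env:APPDATA\Zoom\bin\Zoom.exe`, the English security principal names, and the `Test-WritableByStandardUsers` helper are assumptions of this example; it does not model the two VDI versions the advisory exempts.

```powershell
# Added example (not from the article or Zoom): audit a Windows host for
# an unpatched Zoom client and for DLL search-path directories that standard
# users can write to. Run it as an ordinary user on the host being audited.
[CmdletBinding()]
param(
    # Assumed default per-user install location; pass -ZoomExe for other installs.
    [string]$ZoomExe = (Join-Path $env:APPDATA 'Zoom\bin\Zoom.exe'),
    # Fixed version as reported in the article (VDI exceptions are not modelled).
    [version]$FixedVersion = [version]'6.3.10'
)

function Test-WritableByStandardUsers {
    # Returns $true when an Allow ACE grants any write right to a broad,
    # low-privilege principal. Names are the English well-known SIDs; on a
    # localized Windows these strings differ (assumption of this example).
    param([Parameter(Mandatory)][string]$Path)

    $broadPrincipals = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE'
    )
    # Write covers WriteData/CreateFiles; Modify and FullControl include it too.
    $writeBits = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeBits) -ne 0) { return $true }
    }
    return $false
}

if (-not (Test-Path -LiteralPath $ZoomExe)) {
    Write-Output "Zoom client not found at $ZoomExe (pass -ZoomExe for a different install)."
    return
}

# 1. Version check: strip any non-numeric suffix, then compare as [version].
$rawVersion = (Get-Item -LiteralPath $ZoomExe).VersionInfo.FileVersion -replace '[^\d.].*$', ''
$installed  = [version]$rawVersion
if ($installed -lt $FixedVersion) {
    Write-Output "VULNERABLE: Zoom $installed is below the fixed version $FixedVersion."
} else {
    Write-Output "OK: Zoom $installed is at or above $FixedVersion."
}

# 2. Search-path check: the application directory is searched first, then the
#    system directories, then each PATH entry. A per-user install under %APPDATA%
#    is writable by that user by design; that matters most when the client runs
#    elevated, which is the scenario the article warns about.
$appDir     = Split-Path -Parent $ZoomExe
$pathDirs   = $env:PATH -split ';' | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$candidates = @($appDir) + $pathDirs | Select-Object -Unique

foreach ($dir in $candidates) {
    try {
        if (Test-WritableByStandardUsers -Path $dir) {
            Write-Output "WARN: standard users can write to search-path directory $dir"
        }
    } catch {
        Write-Output "SKIP: could not read ACL of $dir ($($_.Exception.Message))"
    }
}
```

A `WARN` line on a directory that precedes the legitimate DLL location in the search order is the condition to fix first, either by tightening the directory's ACL or by removing it from PATH; the version line tells you whether the Zoom update itself has landed.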


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
