[CIVN-2025-0179] Multiple vulnerabilities in Zoom
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple vulnerabilities in Zoom
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Zoom Workplace for Windows before version 6.4.10
Zoom Workplace VDI for Windows before version 6.3.12
Zoom Rooms for Windows before version 6.4.5
Zoom Rooms Controller for Windows before version 6.4.5
Zoom Meeting SDK for Windows before version 6.4.10
Overview
Multiple vulnerabilities have been reported in Zoom products, which could be exploited by an attacker to inject malicious code or gain elevated privileges on the targeted system.
Target Audience:
All end-user organizations and individuals using zoom applications.
Risk Assessment:
High risk of data manipulation & malicious code injection.
Impact Assessment:
Potential for compromise the integrity of the app & service disruption.
Description
Multiple vulnerabilities exist in Zoom products due to race usage of an untrusted search path and a race condition issues.
Successful exploitation of these vulnerabilities could allow an attacker to inject malicious code or gain elevated privileges on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.zoom.com/en/trust/security-bulletin/zsb-25029/
https://www.zoom.com/en/trust/security-bulletin/zsb-25030/
Vendor Information
Zoom
https://www.zoom.com/en/trust/security-bulletin/?lang=null
References
Zoom
https://www.zoom.com/en/trust/security-bulletin/zsb-25029/
https://www.zoom.com/en/trust/security-bulletin/zsb-25030/
CVE Name
CVE-2025-49456
CVE-2025-49457
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmikdd4ACgkQ3jCgcSdc
ys8mjRAAi8mIqW/zfGK3mQPozXBys4P1V2iorWyLSBqHLH1RPET/nH9OSxb4aB/O
hPnOs9m4LeIZQ9aZjbw5hQ2T2ZJGvPhuaeQMtR94eK0+XUgjNr24YyR49WwU8VDA
0us+j84gor+cQq+Y7PuFqfyGh7pYFFz9xD3k8BjGMesqa6sTEdP9VMLZ2D7QXYq9
L52Bbo9/dR0Fpn+IRpXmUk01CO/O3ddwwqVCdMFsSSG3SPB7l6k3zxezJfdHANND
xCTVPZYPFTEtpc4mBlxuIoIkoNzhRzGWXu5L04ZhHkhNQ7gAx6GMtbIR3+qslA2N
t/ZwKB5y6eG+VwA5BAmVwCzeJocBOSwq7nrpNWO/R5rwLVm3aelVALPu/Y0fs4YL
NmwmSVxaSIoUjnbvNwaGgCebFN4pkI5UtLlnipx01v76O93b7PX8eFg/q+zmpv7C
Mtu4faG9c8K2CdGGmG5WnURASlVv9s0gCNPtjz0FvuVP7mSZwyKrnv8b7fRVy/Jl
jswIjck0pQRuL1YY8N6CJXB80MoO4xFq3I75fAcEVpXxZPSAtQxBUWVQACqfcH0N
grtjGgVGsVUMD26zvP9pv33L3vOsSI22/JRpau7+CBAye3vR3Kwgknk+QgUSgrxv
p9amV7mvPklzQQ5FQDMoVegqB5WbbRIoDByatEugCUT5xYZYfAQ=
=XLO3
—–END PGP SIGNATURE—–
![[CIVN-2025-0181] Multiple vulnerabilities in Xerox FreeFlow Core](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
