CVE-2025-49457
CRITICALDescription
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| zoom | meeting_software_development_kit |
| zoom | rooms |
| zoom | rooms_controller |
| zoom | workplace_desktop |
| zoom | workplace_virtual_desktop_infrastructure |
| zoom | workplace_virtual_desktop_infrastructure |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-49457? +
How severe is CVE-2025-49457? +
What products are affected by CVE-2025-49457? +
How do I check if I'm vulnerable to CVE-2025-49457? +
Related Vulnerabilities
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file …
Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 …
Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution …
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user …
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to …
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to …