- Zoom warns multiple versions of its Windows client are vulnerable
- A security flaw can be used to fully take over target endpoints
- Zoom advises patching immediately, so users should update now
Zoom has patched a critical severity vulnerability which could have allowed threat actors to escalate their privileges over the network.
The online collaboration tool found its Windows application doesn’t always use explicit full paths when loading dynamic libraries (DLLs). Instead, it relies on Windows’ default search order, which means if an attacker were to place a malicious DLL into the right location, Zoom may load and execute it. It is similar to the Bring-Your-Own-Vulnerable-Driver type of attack, although not identical.
So, if the DLL triggers the installation of persistent malware such as backdoors or ransomware, and if Zoom runs with elevated privileges, the threat actors could, in theory, take over the entire endpoint.
Debian, Fedora, and others
In other scenarios, the vulnerability could be used to harvest sensitive files such as meeting recordings, contact lists, credentials, and similar. They could also pivot deeper into the corporate network, reaching domain controllers or high-value systems.
The worst part about abusing this flaw is that it does not require any authentication, and can be described as low in complexity. All the threat actors need is a path that the target device trusts, and doesn’t even require advanced skills – just placing the malicious DLL in a strategic location.
The vulnerability, affecting the Windows client, is tracked as CVE-2025-49457, and carries a severity score of 9.6/10 (critical).
Zoom’s prevalence in the business world, especially since the Covid-19 pandemic, means the attack surface is quite large.
Affected products include Zoom Workplace for Windows before version 6.3.10, Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12), Zoom Rooms for Windows before version 6.3.10, Zoom Rooms Controller for Windows before version 6.3.10, and Zoom Meeting SDK for Windows before version 6.3.10.
A patch is already available, and users are advised to apply it as soon as possible.
You might also like
https://cdn.mos.cms.futurecdn.net/JsiJrxSjMKfjp2kjQjBwLb.jpg
Source link
