CVE-2025-49457

CRITICAL

Zoom Meeting Software Development Kit < 6.3.10 - Untrusted Search Path

Title source: rule
STIX 2.1

Description

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

References (1)

Scores

CVSS v3 9.6
EPSS 0.0016
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-426
Status published
Products (5)
zoom/meeting_software_development_kit < 6.3.10
zoom/rooms < 6.3.10
zoom/rooms_controller < 6.3.10
zoom/workplace_desktop < 6.3.10
zoom/workplace_virtual_desktop_infrastructure < 6.1.16
Published Aug 12, 2025
Tracked Since Feb 18, 2026