CVE-2025-49457

CRITICAL

Zoom Meeting Software Development Kit < 6.3.10 - Untrusted Search Path

Title source: rule

Description

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

References (1)

Scores

CVSS v3 9.6
EPSS 0.0011
EPSS Percentile 30.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Classification

CWE
CWE-426
Status published

Affected Products (5)

zoom/meeting_software_development_kit < 6.3.10
zoom/rooms < 6.3.10
zoom/rooms_controller < 6.3.10
zoom/workplace_desktop < 6.3.10
zoom/workplace_virtual_desktop_infrastructure < 6.1.16

Timeline

Published Aug 12, 2025
Tracked Since Feb 18, 2026