- Zoom warns that multiple versions of its Windows client are vulnerable
- The flaw can be used to fully compromise the affected endpoint
- Zoom has released patches and urges users to update now
Zoom has patched a critical-severity vulnerability that could have allowed threat actors to escalate their privileges on the network.
The online collaboration tool found that its Windows application does not always use fully qualified paths when loading dynamic-link libraries (DLLs). Instead, it relies on the default Windows DLL search order, which means that if an attacker places a malicious DLL in the right location, Zoom can load and execute it. This is similar to, though not identical with, a DLL side-loading attack.
If that DLL then installs persistent malware, such as a backdoor or ransomware, and Zoom is running with elevated privileges, the threat actors could, in theory, take over the entire endpoint.
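To make the search-order problem concrete, the following is an added illustration (not Zoom's code) that models how the Windows loader resolves a DLL requested by bare name, with SafeDllSearchMode on or off, versus a fully qualified path. The directory names and DLL names (`helper.dll`, the `C:\Tools` PATH entry, the `alice` profile) are constructed for the example and do not describe any real Zoom installation.

```python
"""Model of the Windows DLL search order: why loading a DLL by bare name can be
hijacked, and why a fully qualified path is not.

Added illustration, not Zoom's code. All paths and DLL names below are
constructed for the example."""
import ntpath
from typing import Dict, Iterable, List, Optional, Set

SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"

# Constructed per-user install, working directory and PATH. C:\Tools stands in
# for a directory on PATH that a non-admin user can write to.
APP_DIR = r"C:\Users\alice\AppData\Roaming\Zoom\bin"
CWD = r"C:\Users\alice\Downloads"
PATH = [SYSTEM32, r"C:\Tools"]


def search_order(app_dir: str, cwd: str, path: Iterable[str],
                 safe_mode: bool = True) -> List[str]:
    """Directories the loader searches, in order, for a DLL named without a path.

    With SafeDllSearchMode enabled (the Windows default) the current directory
    is searched after the system directories; with it disabled, the current
    directory comes second, right after the application directory."""
    order = [app_dir]
    if not safe_mode:
        order.append(cwd)
    order += [SYSTEM32, SYSTEM16, WINDIR]
    if safe_mode:
        order.append(cwd)
    order += list(path)
    return order


def _has(filesystem: Dict[str, Set[str]], directory: str, name: str) -> bool:
    # Windows file names are case-insensitive.
    return name.lower() in {f.lower() for f in filesystem.get(directory, set())}


def resolve(name: str, filesystem: Dict[str, Set[str]],
            order: List[str]) -> Optional[str]:
    """Directory from which a bare-name load request would be satisfied."""
    for directory in order:
        if _has(filesystem, directory, name):
            return directory
    return None


def resolve_qualified(full_path: str,
                      filesystem: Dict[str, Set[str]]) -> Optional[str]:
    """A fully qualified path is opened as-is; the search order is never used."""
    directory, name = ntpath.split(full_path)
    return directory if _has(filesystem, directory, name) else None


# Constructed filesystem: which DLL names exist in which directory.
FS = {
    SYSTEM32: {"version.dll", "kernel32.dll"},
    APP_DIR: {"zoom.exe", "zoom.dll"},
    CWD: {"version.dll"},          # attacker's copy, dropped next to a downloaded file
    r"C:\Tools": {"helper.dll"},   # attacker's copy of a DLL the app asks for but never ships
}


def demo() -> Dict[str, Optional[str]]:
    safe = search_order(APP_DIR, CWD, PATH, safe_mode=True)
    legacy = search_order(APP_DIR, CWD, PATH, safe_mode=False)
    return {
        # Real system DLL: safe mode picks System32, legacy mode picks the CWD copy.
        "version_safe": resolve("version.dll", FS, safe),
        "version_legacy": resolve("version.dll", FS, legacy),
        # "Phantom" DLL that exists nowhere legitimate: falls through to PATH.
        "helper_safe": resolve("helper.dll", FS, safe),
        # Fully qualified load ignores every planted copy.
        "version_qualified": resolve_qualified(ntpath.join(SYSTEM32, "version.dll"), FS),
    }


if __name__ == "__main__":
    for case, where in demo().items():
        print(f"{case:18s} -> {where}")
```

The two hijack cases the model reproduces are the ones that matter in practice: a DLL the application requests but does not ship (nothing earlier in the order satisfies it, so the first writable PATH entry wins), and a legacy search mode that consults the working directory before System32. On real Windows, the fix the page describes (fully qualified paths) can be complemented by calling `SetDefaultDllDirectories` with `LOAD_LIBRARY_SEARCH_SYSTEM32` or passing that flag to `LoadLibraryEx`, which removes the working directory and PATH from the search entirely.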
In other scenarios, the vulnerability could be used to harvest sensitive files, such as meeting recordings, contact lists and credentials. Attackers could also pivot deeper into the corporate network, reaching domain controllers or other high-value systems.
The worst part of abusing this flaw is that it requires no authentication and is rated low in attack complexity. All the threat actors need is a path that the target device trusts, and planting the malicious DLL there takes no advanced skill.
The vulnerability, which affects the Windows client, is tracked as CVE-2025-49457 and carries a CVSS score of 9.6/10 (critical).
Zoom's prevalence in the business world, especially since the Covid-19 pandemic, means the attack surface is sizeable.
The affected products include Zoom Workplace for Windows before version 6.3.10, Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12), Zoom Rooms for Windows before version 6.3.10, Zoom Rooms Controller for Windows before version 6.3.10 and Zoom Meeting SDK for Windows before version 6.3.10.
A patch is now available and users are advised to apply it as soon as possible.
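For anyone auditing a fleet, the affected-product list above is easy to misapply because of the VDI exceptions. The following is an added helper (not Zoom's tooling) that encodes those ranges and answers "is this product/version affected?". It reads the VDI exception as exactly the two listed versions being exempt, treats version strings as three dotted integers, and drops any trailing build number in parentheses; the sample inputs in `examples()` are constructed.

```python
"""Check a Zoom for Windows product and version against the CVE-2025-49457
affected ranges quoted above. Added example; not Zoom's tooling."""
from typing import Dict, Set, Tuple

Version = Tuple[int, ...]

FIXED: Version = (6, 3, 10)

# Products the bulletin lists as affected below FIXED.
PRODUCTS = {
    "Zoom Workplace for Windows",
    "Zoom Workplace VDI for Windows",
    "Zoom Rooms for Windows",
    "Zoom Rooms Controller for Windows",
    "Zoom Meeting SDK for Windows",
}

# Versions below FIXED that the list explicitly exempts. Assumption: the
# exemption covers exactly these versions, not later builds of those lines.
EXEMPT: Dict[str, Set[Version]] = {
    "Zoom Workplace VDI for Windows": {(6, 1, 16), (6, 2, 12)},
}


def parse_version(text: str) -> Version:
    """'6.2.5', '6.2.5.1234' or '6.2.5 (1234)' -> (6, 2, 5).

    Only the first three dotted components are compared, because the bulletin's
    ranges are expressed with three."""
    token = text.strip().split()[0]          # drop a parenthesised build suffix
    parts = token.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(product: str, version: str) -> bool:
    """True if this product/version pair falls in an affected range."""
    if product not in PRODUCTS:
        raise ValueError(f"not a product in the affected list: {product!r}")
    v = parse_version(version)
    if v >= FIXED:
        return False
    return v not in EXEMPT.get(product, set())


def examples() -> Dict[str, bool]:
    """Constructed inventory rows, as an inventory export might present them."""
    rows = [
        ("Zoom Workplace for Windows", "6.3.9"),
        ("Zoom Workplace for Windows", "6.3.10"),
        ("Zoom Workplace VDI for Windows", "6.1.16"),
        ("Zoom Workplace VDI for Windows", "6.1.15"),
        ("Zoom Rooms for Windows", "6.2.5 (1234)"),
        ("Zoom Meeting SDK for Windows", "6.4.0"),
    ]
    return {f"{p} {ver}": is_affected(p, ver) for p, ver in rows}


if __name__ == "__main__":
    for row, hit in examples().items():
        print(f"{'AFFECTED ' if hit else 'ok       '}{row}")
```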