Zoom patches critical Windows flaw with high risk of takeover
Security bug affects multiple Zoom Windows apps before version 6.3.10.
Zoom has patched a critical Windows vulnerability that could let attackers fully take control of devices without needing credentials. The flaw, CVE-2025-49457, stems from the app failing to use explicit paths when loading DLLs, allowing malicious files to be executed.
Attackers could exploit this to install malware or extract sensitive data such as recordings or user credentials, even pivoting deeper into networks. The issue affects several Zoom products, including Workplace, VDI, Rooms, and Meeting SDK, all before version 6.3.10.
Zoom urges users to update their app immediately, as the flaw requires no advanced skill and can be triggered with minimal access. However, this highlights the increasing cybersecurity concerns associated with the digital world.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!