CVE-2025-49457
Published: 12 August 2025
Summary
CVE-2025-49457 is a critical-severity Untrusted Search Path (CWE-426) vulnerability in Zoom Workplace Virtual Desktop Infrastructure. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 39.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the untrusted search path vulnerability in the Zoom Client by applying the vendor patches from security bulletin ZSB-25030.
- CM-10 (Software Usage Restrictions): prevents execution of malicious DLLs loaded via the untrusted search path by enforcing deny-all, permit-by-exception software usage restrictions.
- SI-3 (Malicious Code Protection): scans for and blocks DLLs placed in untrusted paths that could lead to privilege escalation in the Zoom Client.
MITRE ATT&CK Enterprise Techniques
- T1068 (Exploitation for Privilege Escalation)
Why these techniques?
An untrusted search path (CWE-426) directly enables DLL side-loading for privilege escalation on Windows: a DLL placed in a location that the loader searches before the legitimate one is loaded and executed with the privileges of the loading process.
NVD Description
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
Deeper analysis
CVE-2025-49457 is an untrusted search path vulnerability (CWE-426) affecting certain Zoom Clients for Windows. Published on 2025-08-12, it enables an unauthenticated user to achieve an escalation of privilege through network access. The vulnerability carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to its network vector, low attack complexity, lack of required privileges, high impacts across confidentiality, integrity, and availability, and a changed scope.
An unauthenticated attacker with network access can exploit this vulnerability by leveraging the untrusted search path, but exploitation requires user interaction (UI:R), such as a user being tricked into executing a malicious file or action within the Zoom client environment. Successful exploitation leads to privilege escalation on the targeted Windows system, potentially granting the attacker high-level control over the affected machine, including full read/write/execute capabilities and the ability to disrupt the system.
Zoom has issued security bulletin ZSB-25030, available at https://www.zoom.com/en/trust/security-bulletin/zsb-25030, which provides details on affected versions and the recommended mitigations or patches. Security practitioners should consult this advisory for the precise remediation steps and patched version numbers.
Details
- CWE(s)