Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks

Recently, two vulnerabilities have been discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks.

These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each.

Nature of the Vulnerabilities

Both vulnerabilities stem from a classic buffer overflow in the affected Zoom products. The flaw could allow an authenticated, low-privileged user with network access to trigger a DoS condition that disrupts service availability.

The CVSS vector string for both issues, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicates a high impact on availability (A:H) with no impact on confidentiality or integrity (C:N/I:N) and an unchanged scope (S:U). The attack is network-reachable, requires only low privileges and no user interaction, so the potential for disruption is significant for organizations that rely on Zoom for communication.

The vulnerabilities impact multiple Zoom products for Windows, with slight variations in affected versions between the two CVEs. Below is a breakdown of the affected software:

  • CVE-2025-49464:
    • Zoom Workplace for Windows before version 6.4.0
    • Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.7 and 6.2.15)
    • Zoom Rooms for Windows before version 6.4.0
    • Zoom Rooms Controller for Windows before version 6.4.0
    • Zoom Meeting SDK for Windows before version 6.4.0
  • CVE-2025-46789:
    • Zoom Workplace for Windows before version 6.4.5
    • Zoom Workplace VDI for Windows before version 6.3.12 (except 6.2.15)
    • Zoom Rooms for Windows before version 6.4.5
    • Zoom Rooms Controller for Windows before version 6.4.5
    • Zoom Meeting SDK for Windows before version 6.4.5
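The version list above has two traps for anyone auditing an estate: the fixed versions differ between the two CVEs, and the VDI client has explicit exemptions (6.1.7 and 6.2.15 are not affected by CVE-2025-49464, only 6.2.15 is exempt from CVE-2025-46789). The following added example (not Zoom's code, not from the article) transcribes that table and checks a constructed software inventory against it, comparing versions numerically so that 6.3.10 correctly sorts after 6.3.9. Hostnames and installed versions in the sample inventory are constructed for illustration.

```python
import re

# Fixed-version table transcribed from the advisory, keyed by CVE then product.
# Each entry: (first fixed version, versions below it that are explicitly exempt).
AFFECTED = {
    "CVE-2025-49464": {
        "Zoom Workplace for Windows": ("6.4.0", ()),
        "Zoom Workplace VDI for Windows": ("6.3.10", ("6.1.7", "6.2.15")),
        "Zoom Rooms for Windows": ("6.4.0", ()),
        "Zoom Rooms Controller for Windows": ("6.4.0", ()),
        "Zoom Meeting SDK for Windows": ("6.4.0", ()),
    },
    "CVE-2025-46789": {
        "Zoom Workplace for Windows": ("6.4.5", ()),
        "Zoom Workplace VDI for Windows": ("6.3.12", ("6.2.15",)),
        "Zoom Rooms for Windows": ("6.4.5", ()),
        "Zoom Rooms Controller for Windows": ("6.4.5", ()),
        "Zoom Meeting SDK for Windows": ("6.4.5", ()),
    },
}


def parse_version(text):
    """Turn '6.3.10' into (6, 3, 10), padded to three components so '6.4' == '6.4.0'.

    Integer tuples compare numerically; plain string comparison would wrongly
    rank '6.3.9' above '6.3.10'.
    """
    if not re.fullmatch(r"\d+(?:\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(cve, product, installed):
    """True if `installed` is below the fixed version for this CVE and not exempt."""
    fixed, exempt = AFFECTED[cve][product]
    version = parse_version(installed)
    if version in {parse_version(e) for e in exempt}:
        return False
    return version < parse_version(fixed)


def check_inventory(inventory):
    """inventory: iterable of (hostname, product, installed_version).

    Returns a list of (hostname, product, installed_version, [cve, ...]) for
    hosts that still need patching; products not in the table are skipped.
    """
    findings = []
    for host, product, version in inventory:
        cves = [
            cve for cve, table in AFFECTED.items()
            if product in table and is_affected(cve, product, version)
        ]
        if cves:
            findings.append((host, product, version, cves))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Zoom Workplace for Windows", "6.3.11"),        # both CVEs
    ("ws-02", "Zoom Workplace for Windows", "6.4.0"),         # only CVE-2025-46789
    ("ws-03", "Zoom Workplace for Windows", "6.4.5"),         # patched
    ("vdi-01", "Zoom Workplace VDI for Windows", "6.2.15"),   # exempt from both
    ("vdi-02", "Zoom Workplace VDI for Windows", "6.1.7"),    # exempt from 49464 only
    ("vdi-03", "Zoom Workplace VDI for Windows", "6.3.9"),    # both CVEs
    ("room-01", "Zoom Rooms for Windows", "6.4.1"),           # only CVE-2025-46789
    ("dev-01", "Zoom Meeting SDK for Windows", "6.4.5"),      # patched
]

if __name__ == "__main__":
    for host, product, version, cves in check_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> {', '.join(cves)}")
```

Feed it the output of your software inventory tool (one row per host and product) and treat every returned row as a pending patch; the exemption handling matters, because a naive "anything below 6.3.12 is vulnerable" rule would flag VDI 6.2.15 hosts that Zoom lists as unaffected.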

Zoom has acknowledged these vulnerabilities and released updates to address them. Users are strongly urged to apply the latest patches to protect their systems. The updates are available for download through Zoom’s official portal.

Ensuring that software is up to date is a critical step in safeguarding against potential exploits that could interrupt business operations or personal communications.

These vulnerabilities highlight the ongoing challenges in securing widely used communication tools, especially as remote work and virtual meetings remain integral to many organizations.

Buffer overflow issues, while classic, continue to pose risks when not addressed promptly. For Zoom users, particularly those managing large teams or sensitive operations, staying vigilant about software updates is essential.
