Zoom has released an urgent security update for its Windows client and Workplace platform to address multiple flaws, including a critical vulnerability that could allow attackers to hijack or manipulate the application.
Users are strongly encouraged to apply the patch immediately to protect their systems.
Update Details
The new release covers ten security bulletins targeting Zoom’s Windows and macOS clients, as well as its Workplace platform.
Among these, one vulnerability in the Windows client is rated Critical, while another in the Workplace for Windows on ARM is rated High. The rest are rated Medium.
The critical issue, CVE-2025-49457, involves an Untrusted Search Path flaw in the Windows desktop client.
An attacker with local access could exploit this weakness to load malicious code from an unintended directory when Zoom starts.
Below is a summary of the most severe flaws fixed in this update:
| Title | Severity | CVE |
| Zoom Clients for Windows – Untrusted Search Path | Critical | CVE-2025-49457 |
| Zoom Workplace for Windows on ARM – Missing Authorization | High | CVE-2025-49459 |
These critical fixes are part of a larger effort that also addresses medium-severity issues such as race conditions, improper authorization, cross-site scripting, and buffer overflows across Zoom’s Windows, macOS, iOS, Linux, and VMware Horizon VDI environments.
How to Update
To secure your Zoom installation:
- Windows Client
Open the Zoom desktop client, click your profile icon, select “Check for Updates,” and follow the on-screen prompts. This will install the latest version, which contains the fix for the Untrusted Search Path vulnerability. - Workplace Platform
Administrators should log into the Zoom Workplace management console. Navigate to the Security section and apply the pending update for Workplace on Windows ARM devices. - Other Platforms
Ensure your macOS, Linux, and iOS clients are updated via their respective app stores or package managers. Although these versions do not contain critical flaws, they include fixes for medium-severity issues that could still pose risks.
Zoom emphasizes that updating as soon as possible is key to preventing potential exploits. There is no indication that these vulnerabilities have been used in active attacks, but delaying the update increases the window of exposure.
By regularly applying updates and following best practices—such as running software with the least necessary privileges—organizations and individual users can maintain a more secure collaboration environment.
Always verify update authenticity by downloading patches directly through Zoom’s official channels and avoiding third-party sources.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
