Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

Threat Score:
66
4 articles
100.0% similarity
2 days ago

Article Timeline

4 articles
Click to navigate
Aug 12
Aug 13
Aug 14
Aug 14
Oldest
Latest

Key Insights

1
Zoom and Xerox have released critical security updates addressing vulnerabilities that could allow privilege escalation and remote code execution, with CVE-2025-49457 assigned a CVSS score of 9.6.
2
The CVE-2025-49457 vulnerability in Zoom Clients for Windows allows unauthenticated users to exploit an untrusted path for privilege escalation, affecting versions before 6.3.10.
3
Xerox's FreeFlow Core also has critical vulnerabilities, including CVE-2025-8356, which has a CVSS score of 9.8, allowing remote code execution via path traversal.
4
The issues were reported by Zoom's Offensive Security team and patched in updates released on August 13, 2025, for both Zoom and Xerox products.
5
Users of affected Zoom products, including Zoom Workplace and Zoom Rooms for Windows, are urged to update to version 6.3.10 or later to mitigate risks.
6
Xerox has addressed vulnerabilities in FreeFlow Core with the release of version 8.0.4, emphasizing the need for immediate updates to protect against exploitation.

Threat Overview

Zoom and Xerox have announced critical security updates to address significant vulnerabilities in their software that could lead to privilege escalation and remote code execution. The vulnerabilities affect various Windows-based applications, with Zoom's CVE-2025-49457 carrying a CVSS score of 9.6, indicating a high level of severity. According to Zoom, the flaw allows unauthenticated users to exploit an untrusted path in certain versions of Zoom Clients for Windows. Affected products include Zoom Workplace for Windows, Zoom Rooms, and the Zoom Meeting SDK, specifically versions prior to 6.3.10. The company stated, "Untrusted path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access." The issue was first identified by Zoom's Offensive Security team, who reported it internally before the public disclosure on August 13, 2025.

In addition to Zoom's vulnerabilities, Xerox has disclosed critical issues in its FreeFlow Core software, particularly CVE-2025-8356, which has a CVSS score of 9.8 due to its potential for remote code execution through a path traversal vulnerability. Xerox has made updates available in version 8.0.4 to resolve these issues. The vulnerabilities were noted as being "rudimentary to exploit" and could allow attackers to execute arbitrary commands on the affected systems if left unaddressed.

The technical details of the CVE-2025-49457 vulnerability indicate that it stems from an untrusted path issue where the application searches for critical files or libraries in locations that could be manipulated. Exploiting this flaw enables attackers to escalate privileges without user interaction, posing a significant threat to system security. The affected versions include Zoom Workplace for Windows before version 6.3.10 and Zoom Rooms Controller for Windows before the same version, while exceptions are noted for versions 6.1.16 and 6.2.12.

In response, both companies have urged users to update their software immediately to mitigate potential exploitation. Xerox emphasized the urgency of applying the security patches, stating, "These vulnerabilities could lead to severe consequences if exploited." The security community has reacted swiftly, with many organizations implementing measures to ensure users are aware of the necessary updates. Cybersecurity professionals recommend that organizations conduct audits to identify any unpatched systems and apply the latest versions without delay.

In conclusion, users of affected Zoom and Xerox products should prioritize updating to the latest versions to safeguard against these critical vulnerabilities. As emphasized by industry experts, timely patching is essential to maintain security in the face of evolving threats.

Tactics, Techniques & Procedures (TTPs)

T1068
Exploitation of Elevation of Privilege - Attackers exploit CVE-2025-49457 to escalate privileges without authentication [1][3]
T1203
Exploitation for Client Execution - Attackers utilize vulnerabilities in Zoom and Xerox products to execute arbitrary code [1][4]
T1190
Exploit Public-Facing Application - Attackers leverage the untrusted path in Zoom Clients to facilitate privilege escalation [2][4]
T1059.001
Command and Scripting Interpreter - Remote code execution via path traversal in Xerox FreeFlow Core [1]
T1071.001
Application Layer Protocol: Web Protocols - Exploitation through network access to affected Zoom clients [3]
T1203
Exploitation for Client Execution - Attackers can execute arbitrary commands on Xerox FreeFlow if vulnerabilities are exploited [1][4]
T1190
Exploit Public-Facing Application - Direct exploitation of vulnerable Zoom applications via crafted network requests [2]

Timeline of Events

2025-08-01
Internal discovery of CVE-2025-49457 by Zoom's Offensive Security team during routine assessments [1]
2025-08-10
Xerox identifies multiple vulnerabilities in FreeFlow Core during security evaluations [3]
2025-08-13
Zoom and Xerox publicly disclose vulnerabilities and release critical patches [1][2]
2025-08-14
Widespread advisories issued by cybersecurity firms urging users to apply patches immediately [3]
Ongoing
Security teams monitor for exploitation attempts targeting unpatched systems [4]

Source Citations

expert_quotes: {'Zoom Security Team': 'Article 1', 'Xerox Security Team': 'Article 1', 'Cybersecurity Analysts': 'Article 3'}
primary_findings: {'Patch release information': 'Articles 1, 3', 'Zoom vulnerability details': 'Articles 1, 2, 3', 'Xerox vulnerability details': 'Articles 1, 4'}
technical_details: {'Exploitation methods': 'Articles 1, 2, 4', 'Vulnerability impact analysis': 'Articles 3, 4'}
Powered by ThreatCluster AI
Generated 2 days ago
AI analysis may contain inaccuracies

Related Articles

4 articles
1

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

The Hacker News 3 days ago

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution. The vulnerability impacting Zoom Clients for Windows, tracked asCVE-2025-49457(CVSS score: 9.6), relates to a case of an untrusted path that could pave the way for privilege escalation. "Untrusted path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access," Zoom

Score
57
95.0% similarity
Read more
2

Zoom patches critical Windows flaw allowing privilege escalation

Security Affairs 2 days ago

Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted path that could enable privilege escalation. Cloud-based video conferencing and online collaboration platform Zoom addressed a critical security flaw, tracked as CVE-2025-49457 (CVSS score of 9.6) in Zoom Clients for Windows. An unauthenticated user can exploit the vulnerability to conduct an […]

Score
54
100.0% similarity
Read more
3

Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges

Cybersecurity News 3 days ago

Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems. Designated as CVE-2025-49457 under bulletin ZSB-25030, this flaw carries a CVSS score of 9.6, classifying it as critical due to its high impact on confidentiality, integrity, and availability. The vulnerability stems from an untrusted […]

Score
47
95.0% similarity
Read more
4

Zoom Urges Windows Users to Update After Severe CVE-2025-49457 Security Flaw

The Cyber Express 2 days ago

A critical security vulnerability has recently been discovered in certain versions of Zoom Clients for Windows that could expose users to cybersecurity risks, including privilege escalation via network access. The flaw, identified as /CVE-2025-49457, has been classified with a CVSS score of 9.6, signaling its high severity. The vulnerability could allow unauthenticated attackers to exploit a weak path issue within the Zoom application, enabling them to escalate privileges without requiring user

Score
45
100.0% similarity
Read more