=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN520
_____________________________________________________________________

DATE                : 14/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zoom Workplace for Windows,
                     Zoom Workplace VDI for Windows, 
                     Zoom Rooms for Windows,
                     Zoom Rooms Controller for Windows,
                     Zoom Meeting SDK for Windows 1.0
                         versions prior to 6.3.10.

=====================================================================
https://www.zoom.com/en/trust/security-bulletin/zsb-25030/?cms_guid=false&lang=null
_____________________________________________________________________

Zoom Clients for Windows - Untrusted Search Path

    Bulletin: ZSB-25030
    CVEID: CVE-2025-49457
    CVSS Severity: Critical
    CVSS Score: 9.6
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description:

Untrusted search path in certain Zoom Clients for Windows may allow
an unauthenticated user to conduct an escalation of privilege via
network access.

Users can help keep themselves secure by applying the latest updates
available at https://zoom.us/download.


Affected Products:

    Zoom Workplace for Windows before version 6.3.10
    Zoom Workplace VDI for Windows before version 6.3.10
      (except 6.1.16 and 6.2.12)
    Zoom Rooms for Windows before version 6.3.10
    Zoom Rooms Controller for Windows before version 6.3.10
    Zoom Meeting SDK for Windows before version 6.3.10
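
The affected-products list above as an inventory check, added here as an example and not part of the Zoom bulletin or the CERT-Renater note: it flags hosts running a listed product below 6.3.10 and honours the two Zoom Workplace VDI exceptions. The CSV columns, host names and version-string formats are assumptions, as is matching the exceptions on the first three version components.

```python
import csv
import io
import re

FIXED = (6, 3, 10)  # first fixed release per ZSB-25030
LISTED = {  # products named in the bulletin -> extra unaffected releases
    "Zoom Workplace for Windows": set(),
    "Zoom Workplace VDI for Windows": {(6, 1, 16), (6, 2, 12)},
    "Zoom Rooms for Windows": set(),
    "Zoom Rooms Controller for Windows": set(),
    "Zoom Meeting SDK for Windows": set(),
}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = """host,product,version
ws-001,Zoom Workplace for Windows,6.3.5 (12345)
ws-002,Zoom Workplace for Windows,6.10.0.100
vdi-01,Zoom Workplace VDI for Windows,6.2.12.25780
vdi-02,Zoom Workplace VDI for Windows,6.2.11
room-1,Zoom Rooms for Windows,unknown
mac-01,Zoom Workplace for macOS,6.3.0
"""

def parse_version(text):
    """Return (major, minor, patch) from e.g. '6.3.5 (12345)' or '6.2.12.25780'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def status(product, version):
    """Classify one install; tuple comparison keeps 6.10.0 above 6.3.10."""
    exceptions = LISTED.get(product.strip())
    if exceptions is None:
        return "not listed"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparsed"  # route to manual review instead of passing it
    return "not affected" if v in exceptions or v >= FIXED else "affected"

def triage(csv_text):
    """Return (host, status) for every row of a host,product,version CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], status(r["product"], r["version"])) for r in rows]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY):
        print(f"{host}: {result}")
```

Rows reported as "unparsed" need a manual version check before the host is treated as patched.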

Source:

Reported by Zoom Offensive Security.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
