Latest Cyber Security News

You are here: Home / General Cyber Security News / Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
August 13, 2025

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.

The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access,” Zoom said in a security bulletin on Tuesday.

The issue, reported by its own Offensive Security team, affects the following products –

  • Zoom Workplace for Windows before version 6.3.10
  • Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
  • Zoom Rooms for Windows before version 6.3.10
  • Zoom Rooms Controller for Windows before version 6.3.10
  • Zoom Meeting SDK for Windows before version 6.3.10

Cybersecurity

The disclosure comes as multiple vulnerabilities have been disclosed in Xerox FreeFlow Core, the most severe of which could result in remote code execution. The issues, which have been addressed in version 8.0.4, include –

  • CVE-2025-8355 (CVSS score: 7.5) – XML External Entity (XXE) injection vulnerability leading to server-side request forgery (SSRF)
  • CVE-2025-8356 (CVSS score: 9.8) – Path traversal vulnerability leading to remote code execution

“These vulnerabilities are rudimentary to exploit and if exploited, could allow an attacker to execute arbitrary commands on the affected system, steal sensitive data, or attempt to move laterally into a given corporate environment to further their attack,” Horizon3.ai said.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *