Just lately, two vulnerabilities have been found in particular Zoom Shoppers for Home windows, which might allow attackers to launch Denial of Service (DoS) assaults.
These flaws, tracked underneath CVE-2025-49464 and CVE-2025-46789, have been reported by safety researcher fre3dm4n and carry a Medium severity ranking with a CVSS rating of 6.5 every.
Nature of the Vulnerabilities
Each vulnerabilities stem from a basic buffer overflow concern within the affected Zoom merchandise. This flaw might allow a licensed consumer with community entry to use the system, inflicting a DoS situation that disrupts service availability.
The CVSS vector string for each points, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, signifies a excessive influence on availability, although confidentiality and integrity stay unaffected. Whereas the assault requires low privileges and no consumer interplay, the potential for disruption is critical for organizations counting on Zoom for communication.
The vulnerabilities influence a number of Zoom merchandise for Home windows, with slight variations in affected variations between the 2 CVEs. Beneath is a breakdown of the affected software program:
CVE-2025-49464:
Zoom Office for Home windows earlier than model 6.4.0
Zoom Office VDI for Home windows earlier than model 6.3.10 (besides 6.1.7 and 6.2.15)
Zoom Rooms for Home windows earlier than model 6.4.0
Zoom Rooms Controller for Home windows earlier than model 6.4.0
Zoom Assembly SDK for Home windows earlier than model 6.4.0
CVE-2025-46789:
Zoom Office for Home windows earlier than model 6.4.5
Zoom Office VDI for Home windows earlier than model 6.3.12 (besides 6.2.15)
Zoom Rooms for Home windows earlier than model 6.4.5
Zoom Rooms Controller for Home windows earlier than model 6.4.5
Zoom Assembly SDK for Home windows earlier than model 6.4.5
Zoom has acknowledged these vulnerabilities and launched updates to deal with them. Customers are strongly urged to use the newest patches to guard their programs. The updates can be found for obtain by Zoom’s official portal.
Guaranteeing that software program is updated is a vital step in safeguarding towards potential exploits that would interrupt enterprise operations or private communications.
These vulnerabilities spotlight the continued challenges in securing extensively used communication instruments, particularly as distant work and digital conferences stay integral to many organizations.
Buffer overflow points, whereas basic, proceed to pose dangers when not addressed promptly. For Zoom customers, notably these managing giant groups or delicate operations, staying vigilant about software program updates is important.
Examine stay malware conduct, hint each step of an assault, and make quicker, smarter safety selections -> Strive ANY.RUN now
