1.0 Introduction
Recently, Zoom has released security updates to address the multiple vulnerabilities in Zoom Clients for Windows.
2.0 Impact
These vulnerabilities could be exploited to execute malicious code in the context of the vulnerable application and manipulate application files or configurations, resulting in unauthorized modifications.
3.0 Affected Products
- CVE-2025-49457 (Critical)
- Zoom Workplace for Windows before version 6.3.10
- Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
- Zoom Rooms for Windows before version 6.3.10
- Zoom Rooms Controller for Windows before version 6.3.10
- Zoom Meeting SDK for Windows before version 6.3.10
- CVE-2025-49456 (Medium)
- Zoom Workplace for Windows version 6.4.10
- Zoom Workplace VDI for Windows before version 6.3.12 (except 6.2.15)
- Zoom Rooms for Windows before version 6.4.5
- Zoom Rooms Controller for Windows before version 6.
- Zoom Meeting SDK for Windows before version 6.4.10
4.0 Recommendations
Users and system administrators are encouraged to review the Zoom Security Bulletin and upgrade to the latest version.
Kindly refer to the URL for more information:
- https://www.zoom.com/en/trust/security-bulletin/zsb-25030/
- https://www.zoom.com/en/trust/security-bulletin/zsb-25029/
Generally, CyberSecurity Malaysia advises the users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact us through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.cybersecurity.my
5.0 References