Article Details
Scrape Timestamp (UTC): 2025-08-13 13:23:47.870
Source: https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html
Original Article Text
Click to Toggle View
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws. Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution. The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. "Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access," Zoom said in a security bulletin on Tuesday. The issue, reported by its own Offensive Security team, affects the following products - The disclosure comes as multiple vulnerabilities have been disclosed in Xerox FreeFlow Core, the most severe of which could result in remote code execution. The issues, which have been addressed in version 8.0.4, include - "These vulnerabilities are rudimentary to exploit and if exploited, could allow an attacker to execute arbitrary commands on the affected system, steal sensitive data, or attempt to move laterally into a given corporate environment to further their attack," Horizon3.ai said.
Daily Brief Summary
Zoom has released a patch for a critical vulnerability in Zoom Clients for Windows, identified as CVE-2025-49457, with a CVSS score of 9.6, addressing privilege escalation risks.
The flaw, stemming from an untrusted search path, could allow unauthenticated users to escalate privileges via network access, posing significant security threats to organizations.
Xerox has also patched vulnerabilities in FreeFlow Core, with the most severe allowing potential remote code execution, addressed in the latest version 8.0.4 update.
Exploiting these vulnerabilities could enable attackers to execute arbitrary commands, steal sensitive data, or facilitate lateral movement within corporate networks.
Both companies have issued security bulletins urging users to apply the updates promptly to mitigate potential exploitation risks.
The swift response by Zoom and Xerox highlights the importance of proactive vulnerability management to protect critical systems and data from cyber threats.
Organizations are advised to review their patch management processes to ensure timely deployment of security updates across their IT environments.