Critical buffer overflow vulnerabilities have been identified in multiple Zoom clients for Windows that could enable authorized users to launch denial-of-service attacks through network access.
The vulnerabilities, tracked as CVE-2025-49464 and CVE-2025-46789, both carry a medium severity rating with CVSS scores of 6.5, highlighting significant security concerns for organizations relying on Zoom’s communication platform.
These classic buffer overflow vulnerabilities affect numerous Zoom products including Workplace, VDI, Rooms, and Meeting SDK implementations, requiring immediate attention from IT administrators and users to prevent potential service disruptions.
Two distinct but similarly structured vulnerabilities have been uncovered in Zoom’s Windows client software, both representing classic buffer overflow conditions that pose substantial security risks.
CVE-2025-49464 and CVE-2025-46789 share identical CVSS vector strings (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating that both vulnerabilities can be exploited remotely with low attack complexity by authenticated users without requiring user interaction.
The technical nature of these buffer overflow vulnerabilities suggests that malicious actors could potentially cause memory corruption by sending specially crafted network packets to vulnerable Zoom clients.
While the vulnerabilities do not appear to compromise confidentiality or integrity of data, they pose a significant availability threat, enabling attackers to render Zoom services unusable through targeted denial-of-service attacks.
The fact that both vulnerabilities require only low-level privileges for exploitation makes them particularly concerning for enterprise environments where multiple users have access to Zoom services.
Both security vulnerabilities were responsibly disclosed by security researcher fre3dm4n, demonstrating the importance of collaborative security research in identifying and addressing software vulnerabilities before they can be exploited maliciously.
The consistent reporting source and similar vulnerability characteristics suggest these may be related issues within Zoom’s codebase that require comprehensive remediation efforts.
The scope of these vulnerabilities extends across Zoom’s entire Windows product ecosystem, affecting critical business communication tools used by millions of organizations worldwide. The impact can be broken down as follows:
CVE-2025-49464 affects:
CVE-2025-46789 affects:
The overlapping but distinct version requirements indicate that organizations may need to implement multiple update cycles to fully address both vulnerabilities, particularly if they are running different Zoom products with varying version levels.
Zoom has responded promptly to these security discoveries by releasing updated versions that address both vulnerabilities across their Windows product suite.
The company strongly recommends that all users immediately download and install the latest updates.
Organizations should prioritize updating all Zoom Windows clients to the latest available versions, implementing systematic patch management procedures to ensure comprehensive coverage across their entire Zoom deployment.
IT administrators should conduct thorough inventories of all Zoom products in use and verify that each installation meets or exceeds the minimum secure version requirements for both identified vulnerabilities.
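One way to turn that inventory step into something checkable is to compare each recorded installation against a table of minimum secure versions. The script below is an added example, not Zoom's tooling or code from the article: the inventory rows and the minimum versions in it are constructed sample data (the article does not list the fixed version numbers, so the minimums here are placeholders to be replaced with the values from Zoom's advisory). The parser tolerates trailing build tags such as `6.3.5 (12345)` and compares versions numerically rather than as strings, so `6.10.0` correctly ranks above `6.9.0`.

```python
import re
from typing import Dict, List, Tuple

# CONSTRUCTED placeholder minimums: the real fixed versions are not given on
# the page. Replace these with the versions from Zoom's security bulletin.
MINIMUM_SECURE: Dict[str, str] = {
    "Zoom Workplace": "6.9.9",
    "Zoom Workplace VDI": "6.9.9",
    "Zoom Rooms": "6.9.9",
    "Zoom Meeting SDK": "6.9.9",
}

# CONSTRUCTED sample inventory, e.g. exported from an endpoint-management tool.
SAMPLE_INVENTORY: List[dict] = [
    {"host": "ws-001", "product": "Zoom Workplace", "version": "6.10.1 (20001)"},
    {"host": "ws-002", "product": "Zoom Workplace", "version": "6.9.5"},
    {"host": "vdi-01", "product": "Zoom Workplace VDI", "version": "6.9.9"},
    {"host": "room-7", "product": "Zoom Rooms", "version": "6.8.0 (19000)"},
    {"host": "app-srv", "product": "Zoom Meeting SDK", "version": "6.12.0"},
    {"host": "ws-003", "product": "Zoom Workplace", "version": "n/a"},
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.3.5 (12345)' into (6, 3, 5); raise on unparseable input."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_outdated(installed: str, minimum: str) -> bool:
    """True when the installed version is strictly below the minimum."""
    # Pad the shorter tuple so 6.9 compares equal to 6.9.0, not below it.
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def find_outdated(inventory: List[dict], minimums: Dict[str, str]) -> List[dict]:
    """Return inventory rows that need a Zoom update (or could not be assessed).

    Rows whose version cannot be parsed are flagged too, with reason 'unknown',
    because an unverifiable client must be treated as unpatched.
    """
    findings = []
    for row in inventory:
        minimum = minimums.get(row["product"])
        if minimum is None:
            findings.append({**row, "reason": "product not in baseline"})
            continue
        try:
            if is_outdated(row["version"], minimum):
                findings.append({**row, "reason": f"below minimum {minimum}"})
        except ValueError:
            findings.append({**row, "reason": "unknown version"})
    return findings


if __name__ == "__main__":
    for f in find_outdated(SAMPLE_INVENTORY, MINIMUM_SECURE):
        print(f"{f['host']:8} {f['product']:20} {f['version']:16} {f['reason']}")
```

On the constructed inventory this flags `ws-002`, `room-7` and `ws-003` (the last for an unknown version) while leaving the hosts at or above the baseline alone; the same function can be pointed at a real export once the minimums are filled in from the vendor advisory.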