Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.

The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025–49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.

“Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access,” Zoom said in a security bulletin on Tuesday.