{"id":220059,"date":"2025-08-14T03:22:09","date_gmt":"2025-08-14T08:22:09","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/08\/zoom-and-xerox-release-critical-security-updates-fixing-privilege-escalation-and-rce-flaws"},"modified":"2025-08-14T03:22:09","modified_gmt":"2025-08-14T08:22:09","slug":"zoom-and-xerox-release-critical-security-updates-fixing-privilege-escalation-and-rce-flaws","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/08\/zoom-and-xerox-release-critical-security-updates-fixing-privilege-escalation-and-rce-flaws","title":{"rendered":"Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/zoom-and-xerox-release-critical-security-updates-fixing-privilege-escalation-and-rce-flaws.jpg\"><\/a><\/p>\n<p>Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.<\/p>\n<p>The vulnerability impacting Zoom Clients for Windows, tracked as <strong>CVE-2025\u201349457<\/strong> (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.<\/p>\n<p>\u201cUntrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access,\u201d Zoom <a href=\"https:\/\/www.zoom.com\/en\/trust\/security-bulletin\/zsb-25030\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a security bulletin on Tuesday.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution. The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025\u201349457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-220059","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/220059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=220059"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/220059\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=220059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=220059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=220059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}