CVE-2025-49456
EUVD-2025-2452812.08.2025, 23:15
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zoom | meeting_software_development_kit | 𝑥 < 6.4.10 |
| zoom | rooms | 𝑥 < 6.4.5 |
| zoom | rooms_controller | 𝑥 < 6.4.5 |
| zoom | workplace_desktop | 𝑥 < 6.4.10 |
| zoom | workplace_virtual_desktop_infrastructure | 𝑥 < 6.2.15 |
| zoom | workplace_virtual_desktop_infrastructure | 6.3.10 ≤ 𝑥 < 6.3.12 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-426 - Untrusted Search PathThe application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.