August 14, 2025 at 12:43AM

■■□□□ Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.

The vulnerability in Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), is an untrusted search path issue that could allow privilege escalation.

The other vulnerabilities, in Xerox FreeFlow Core:

CVE-2025-8355 (CVSS score: 7.5) – XML External Entity (XXE) injection vulnerability leading to server-side request forgery (SSRF)

CVE-2025-8356 (CVSS score: 9.8) – Path traversal vulnerability leading to remote code execution

https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf

https://www.zoom.com/en/trust/security-bulletin/zsb-25030/

https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html