- Zoom and Xerox resolved major software vulnerabilities that could enable attackers to gain higher system privileges or run unauthorized code.
- The Zoom flaw, labeled CVE-2025-49457 (CVSS 9.6), affects Windows users and involves untrusted search paths, allowing privilege escalation.
- Several Zoom Windows products released before version 6.3.10 are impacted and updates have been released.
- Xerox FreeFlow Core had two severe issues, CVE-2025-8355 (XML injection) and CVE-2025-8356 (path traversal), potentially leading to remote code execution. A patch is available in version 8.0.4.
- Security experts warn these issues are simple to exploit and could allow attackers to access sensitive information or move within corporate networks.
Zoom and Xerox have fixed two major security problems in widely used software, the companies said this week. The flaws could have let hackers gain higher access than allowed or run malicious programs. Both companies took swift action to address the risks.
The Zoom vulnerability, tracked as CVE-2025-49457 and scoring 9.6 out of 10 on the severity scale (CVSS), impacts Windows users. According to a security bulletin from Zoom, the flaw permits unauthorized users to escalate their privileges via network access because of an “untrusted search path.” This means attackers could run apps with higher system rights than allowed.
The company’s report, based on findings by its own Offensive Security team, outlined which products are affected. These include Zoom Workplace for Windows, Zoom Workplace VDI for Windows, Zoom Rooms for Windows, Zoom Rooms Controller for Windows, and Zoom Meeting SDK for Windows, all before version 6.3.10. Users are urged to update to the latest version to minimize risk.
Xerox also patched several issues in FreeFlow Core software. As explained in a security notice, the most serious flaws are CVE-2025-8355, an XML External Entity (XXE) injection which can lead to server-side request forgery (SSRF), and CVE-2025-8356, a path traversal issue that could allow remote code execution. These problems have been resolved with the release of version 8.0.4.
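The two FreeFlow Core bug classes named above, XXE (which can turn into SSRF) and path traversal, are easiest to understand from the defender's side. The following is an added example, not code from the page, Xerox or Zoom, and it assumes nothing about FreeFlow Core's real parser or file layout: it flags XML job input that declares an external entity, and it resolves a user-supplied file name only if it stays inside an assumed job directory (`JOB_DIR`, a constructed placeholder).

```python
import os
import tempfile
import xml.parsers.expat

# Constructed placeholder for the directory an application serves files from.
JOB_DIR = os.path.join(tempfile.gettempdir(), "freeflow_jobs_example")

# Constructed sample inputs: one declares an external (SYSTEM) entity, the
# kind of declaration an XXE-to-SSRF probe relies on; the other only uses an
# internal entity, which never triggers a network or file fetch.
XXE_TICKET = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE job [<!ENTITY ext SYSTEM "http://internal.example/">]>'
              b'<job>&ext;</job>')
CLEAN_TICKET = (b'<?xml version="1.0"?>'
                b'<!DOCTYPE job [<!ENTITY name "demo">]>'
                b'<job>&name;</job>')


def external_entity_declared(xml_bytes: bytes) -> bool:
    """True if the DTD declares any external (SYSTEM/PUBLIC) entity.

    Uses expat's entity-declaration callback, so the check sees the
    declaration itself and does not depend on whether it is referenced.
    Malformed XML is treated as a rejection as well (fail closed).
    """
    found = False

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        nonlocal found
        if system_id is not None or public_id is not None:
            found = True

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError:
        return True
    return found


def resolve_within(base_dir: str, user_path: str):
    """Return the absolute path for user_path inside base_dir, or None.

    realpath() collapses '..' segments and follows symlinks before the
    containment check, so '../../etc/passwd' and absolute paths both fail.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        return None
    return target
```

In a deployment the first check runs before the document reaches any feature-rich XML parser, and the second replaces any direct `open(os.path.join(base, name))` on attacker-controlled names.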
According to security firm Horizon3.ai, “These vulnerabilities are rudimentary to exploit and if exploited, could allow an attacker to execute arbitrary commands on the affected system, steal sensitive data, or attempt to move laterally into a given corporate environment to further their attack.”
The vulnerabilities highlight ongoing risks in widely used business software. Updates are available and users are strongly advised to apply patches immediately. No reports of public exploitation were mentioned in the companies’ statements.