July 9, 2025
Severity
Medium
Analysis Summary
Two medium-severity vulnerabilities, CVE-2025-49464 and CVE-2025-46789, have been discovered in specific Zoom Clients for Windows. Both issues, reported by a security researcher, stem from classic buffer overflow flaws that an authorized user with network access can exploit to trigger a Denial of Service (DoS) condition. Although both vulnerabilities carry a medium CVSS score, they still pose a significant risk to service availability, particularly in enterprise and organizational settings where Zoom plays a critical communication role.
Both vulnerabilities share the same CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This means the attack can be executed over the network (AV:N) with low attack complexity (AC:L), requires only low privileges (PR:L), needs no user interaction (UI:N), and has a high impact on availability (A:H), with no impact on confidentiality or integrity (C:N/I:N) and no scope change (S:U). The absence of user interaction and the low attack complexity further increase the potential danger, especially in environments with many users and large-scale deployments.
The affected products span a range of Zoom services. For CVE-2025-49464, impacted versions include Zoom Workplace, VDI, Rooms, Rooms Controller, and Meeting SDK for Windows, all prior to version 6.4.0 (with some exceptions like VDI 6.1.7 and 6.2.15). For CVE-2025-46789, the affected versions are those prior to 6.4.5 for the same products, except VDI 6.2.15. The presence of two separate but related CVEs shows that multiple builds were affected in different ways and needed separate patches, demonstrating the complexity of maintaining secure communication platforms.
Zoom has acknowledged the flaws and released patches to mitigate the risk. Users are strongly advised to update all affected Windows clients to the latest versions via Zoom’s official portal. These incidents reinforce the importance of prompt patch management and vigilance in securing remote communication tools, as even long-known vulnerability classes like buffer overflows can have a significant impact when exploited in modern applications.
Impact
- DoS Conditions
- Buffer Overflow
Indicators of Compromise
CVE
CVE-2025-49464
CVE-2025-46789
Affected Vendors
- Zoom
Affected Products
- Zoom Workplace for Windows before version 6.4.0
- Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.7 and 6.2.15)
- Zoom Rooms Controller for Windows before version 6.4.0
- Zoom Meeting SDK for Windows before version 6.4.0
- Zoom Workplace for Windows before version 6.4.5
- Zoom Workplace VDI for Windows before version 6.3.12 (except 6.2.15)
- Zoom Rooms for Windows before version 6.4.5
- Zoom Rooms Controller for Windows before version 6.4.5
- Zoom Meeting SDK for Windows before version 6.4.5
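The affected ranges above are not a simple "older than X" rule: the VDI branches 6.1.7 and 6.2.15 are exempt even though they sort below the fixed-in version, and the two CVEs have different cut-offs. The following Python script is an added example (not Zoom's code or part of the advisory) that encodes the Affected Products list as data and checks a constructed software inventory against it; the product names, cut-offs and exemptions are transcribed from the list above, and the inventory rows are made up.

```python
# Audit installed Zoom for Windows builds against this advisory's
# affected-version list (constructed example, not Zoom's own tooling).
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

def parse_version(s: str) -> Version:
    """'6.3.10' -> (6, 3, 10); missing trailing components compare as 0."""
    parts = [int(p) for p in s.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]  # type: ignore[return-value]

# (product, fixed-in version, explicitly exempted builds) per CVE,
# transcribed from the Affected Products list in this advisory.
AFFECTED: Dict[str, List[Tuple[str, str, Tuple[str, ...]]]] = {
    "CVE-2025-49464": [
        ("Zoom Workplace for Windows", "6.4.0", ()),
        ("Zoom Workplace VDI for Windows", "6.3.10", ("6.1.7", "6.2.15")),
        ("Zoom Rooms Controller for Windows", "6.4.0", ()),
        ("Zoom Meeting SDK for Windows", "6.4.0", ()),
    ],
    "CVE-2025-46789": [
        ("Zoom Workplace for Windows", "6.4.5", ()),
        ("Zoom Workplace VDI for Windows", "6.3.12", ("6.2.15",)),
        ("Zoom Rooms for Windows", "6.4.5", ()),
        ("Zoom Rooms Controller for Windows", "6.4.5", ()),
        ("Zoom Meeting SDK for Windows", "6.4.5", ()),
    ],
}

def is_affected(product: str, version: str, cve: str) -> bool:
    """True when this build of `product` is inside the affected range for `cve`."""
    for name, fixed_in, exceptions in AFFECTED[cve]:
        if name != product:
            continue
        if version in exceptions:            # patched maintenance branch
            return False
        return parse_version(version) < parse_version(fixed_in)
    return False                              # product not listed for this CVE

def open_cves(product: str, version: str) -> List[str]:
    """All advisory CVEs that still apply to an installed build."""
    return [cve for cve in AFFECTED if is_affected(product, version, cve)]

# Constructed inventory rows: (host, product, installed version).
INVENTORY = [
    ("HOST-01", "Zoom Workplace for Windows", "6.3.11"),
    ("HOST-02", "Zoom Workplace VDI for Windows", "6.2.15"),
    ("HOST-03", "Zoom Workplace VDI for Windows", "6.3.10"),
    ("HOST-04", "Zoom Workplace for Windows", "6.4.5"),
]

def audit(inventory=INVENTORY) -> Dict[str, List[str]]:
    """Map each host to the advisory CVEs its installed build is exposed to."""
    return {host: open_cves(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, cves in audit().items():
        print(host, "OK" if not cves else "needs update: " + ", ".join(cves))
```

HOST-03 shows why the exemptions and per-CVE cut-offs matter: VDI 6.3.10 is already fixed for CVE-2025-49464 but still below the 6.3.12 cut-off for CVE-2025-46789.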
Remediation
- Apply the latest Zoom updates from the official portal to ensure protection against both vulnerabilities, CVE-2025-49464 and CVE-2025-46789.
- Upgrade Zoom Workplace for Windows to version 6.4.5 or later.
- Upgrade Zoom Workplace VDI for Windows to version 6.3.12 or later (ensure exceptions like 6.2.15 are accounted for).
- Upgrade Zoom Rooms and Zoom Rooms Controller for Windows to version 6.4.5 or later.
- Upgrade Zoom Meeting SDK for Windows to version 6.4.5 or later.
- Regularly check and enforce patch management policies to keep all Zoom clients up to date.
- Restrict internal network access to Zoom services to limit exploitation opportunities by authorized users.
- Monitor systems for unusual behavior or repeated crashes in Zoom applications that may indicate attempted exploitation.
- Use endpoint protection and logging tools to detect any denial-of-service attempts or abnormal usage patterns.
- Inform users and IT administrators about the vulnerabilities and the importance of applying patches promptly.