CVE-2025-49456

6.2 MEDIUM

📋 TL;DR

A race condition vulnerability in Zoom Client for Windows installers could allow an unauthenticated local attacker to compromise application integrity during installation. This affects users installing or updating Zoom on Windows systems. Attackers could potentially replace legitimate installation files with malicious ones.

💻 Affected Systems

Products:
  • Zoom Client for Windows
Versions: Specific versions not detailed in reference; check Zoom advisory ZSB-25029
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations; requires attacker to have local access during installation/update process.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker could replace legitimate Zoom installation files with malicious executables, leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case: Local attacker modifies installation files to install malware or tamper with Zoom functionality, potentially leading to credential theft or surveillance.

🟢 If Mitigated: With proper access controls and monitoring, impact is limited to potential application corruption requiring reinstallation.

🌐 Internet-Facing: LOW - Requires local access to the target system during installation.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit during Zoom installation/updates.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires precise timing during installation process and local system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom advisory ZSB-25029 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25029

Restart Required: No

Instructions:

1. Visit Zoom's security bulletin ZSB-25029.
2. Download and install the latest patched version of Zoom Client for Windows.
3. Verify installation completes successfully.

🔧 Temporary Workarounds

Restrict local access during installation (Windows)

Ensure only authorized users have physical or remote access to systems during Zoom installation/updates.

Verify installer integrity (Windows)

Download the Zoom installer directly from the official Zoom website and verify checksums before installation.

🧯 If You Can't Patch

  • Restrict physical and remote access to systems during installation periods
  • Monitor for unauthorized file modifications in Zoom installation directories

🔍 How to Verify

Check if Vulnerable:

Check Zoom version against affected versions listed in Zoom advisory ZSB-25029

Check Version:

Open Zoom client, click profile picture → Help → About Zoom

Verify Fix Applied:

Verify Zoom version is updated to patched version specified in Zoom advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file modifications in Zoom installation directories during installation
  • Multiple installation attempts in short timeframes

Network Indicators:

  • Unusual network traffic from Zoom process post-installation

SIEM Query:

Process creation events for Zoom installer followed by unexpected file modifications in Program Files\Zoom
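
One way to express the correlation described in the SIEM query above, as an added example (not from Zoom or the original page). It flags writes under Program Files\Zoom made during an installer run by a process that is neither the installer nor one of its children. The event field names, the `zoominstaller` name hint and the 10-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, loosely shaped like Sysmon Event ID 1 (process
# creation) and Event ID 11 (file create). All values are made up.
EVENTS = [
    {"time": "2025-08-12T10:00:00", "id": 1, "pid": 4120, "ppid": 900,
     "image": r"C:\Users\alice\Downloads\ZoomInstallerFull.exe"},
    {"time": "2025-08-12T10:00:02", "id": 1, "pid": 4188, "ppid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\Installer.exe"},
    {"time": "2025-08-12T10:00:05", "id": 11, "pid": 4188,
     "target": r"C:\Program Files\Zoom\bin\Zoom.exe"},
    {"time": "2025-08-12T10:00:06", "id": 11, "pid": 5550,
     "target": r"C:\Program Files\Zoom\bin\util.dll"},
    {"time": "2025-08-12T10:30:00", "id": 11, "pid": 5550,
     "target": r"C:\Program Files\Zoom\bin\other.dll"},
]

WATCHED_DIR = r"c:\program files\zoom" + "\\"   # directory named on the page
INSTALLER_HINT = "zoominstaller"                # assumption: installer image name
WINDOW = timedelta(minutes=10)                  # assumption: length of an install run

def find_suspect_writes(events):
    """Return (time, pid, path) for writes by processes outside the installer tree."""
    sessions = []   # one entry per installer run: start time + pids in its tree
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        now = datetime.fromisoformat(ev["time"])
        live = [s for s in sessions if now - s["start"] <= WINDOW]
        if ev["id"] == 1:
            if INSTALLER_HINT in ev["image"].lower():
                sessions.append({"start": now, "pids": {ev["pid"]}})
            for s in live:                      # track children of the installer
                if ev["ppid"] in s["pids"]:
                    s["pids"].add(ev["pid"])
        elif ev["id"] == 11 and ev["target"].lower().startswith(WATCHED_DIR):
            # Only writes that overlap an installer run are of interest here.
            if live and not any(ev["pid"] in s["pids"] for s in live):
                alerts.append((ev["time"], ev["pid"], ev["target"]))
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_writes(EVENTS):
        print("suspect write during install:", alert)
```

In production telemetry, key the process tree on a stable process identifier rather than the PID, since PIDs are reused.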
