CVE-2025-49461

4.3 MEDIUM

📋 TL;DR

A cross-site scripting (XSS) flaw in certain Zoom Workplace Client versions lets an unauthenticated attacker cause a denial of service via network access. Although the bug class is XSS, the only impact described is availability: a user of a vulnerable client who interacts with attacker-supplied content can have the client disrupted, with no confidentiality or integrity impact claimed, which is consistent with the 4.3 MEDIUM score. Expect a crashed or unusable client rather than data theft or code execution.

💻 Affected Systems

Products:
  • Zoom Workplace Client
Versions: Specific versions listed in ZSB-25034 advisory (check vendor bulletin for exact ranges)
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Zoom Workplace Client versions listed in ZSB-25034 are affected; consult the bulletin before assuming other Zoom products (SDKs, Rooms, VDI clients) are in or out of scope. Exploitation requires the user to interact with the malicious content.

📦 What is this software?

Zoom Workplace is the current name for Zoom's unified desktop and mobile client application, which bundles meetings, team chat and other Zoom products in one app. It is widely deployed on corporate endpoints and receives content (messages, meeting material) from other Zoom users over the network, which is why a client-side rendering bug is reachable without authentication.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of Zoom Workplace Client functionality for affected users, preventing legitimate use of the application until restarted or patched.

🟠

Likely Case

Temporary denial of service affecting individual users' Zoom Workplace Clients, requiring application restart to restore functionality.

🟢

If Mitigated

Once the patched client version from ZSB-25034 is installed, the issue is resolved. Until then, exposure can be reduced by limiting which untrusted parties can deliver content to your users, but the impact remains limited to availability of the individual client.

🌐 Internet-Facing: MEDIUM - Attackers can exploit via network access, but requires user interaction with malicious content.
🏢 Internal Only: LOW - Internal network exploitation would require internal threat actors or compromised internal systems.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The attacker needs no authentication, but must get the target user to interact with crafted content that triggers the XSS bug in the client; the outcome is a denial-of-service condition on that user's client, not code execution or data access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ZSB-25034 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/ZSB-25034

Restart Required: Yes

Instructions:

1. Open the Zoom Workplace Client.
2. Click your profile picture.
3. Select "Check for Updates".
4. Install any available updates.
5. Restart the application.

🔧 Temporary Workarounds

  • Disable automatic content loading (all platforms): configure Zoom Workplace to require manual approval before external content is loaded, if your deployment exposes such a control.
  • Network filtering (all platforms): filter delivery of content from untrusted sources to Zoom clients at the network boundary (proxy or web filtering).

Caveat: neither of these is a vendor-documented mitigation; ZSB-25034 points to updating the client. Because the malicious content arrives through the client's own network sessions and still needs user interaction, treat these measures as reducing exposure, not eliminating it. Given that the impact is limited to availability, a client restart is usually cheaper than an intrusive workaround; prioritize patching.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Zoom clients from untrusted networks
  • Deploy endpoint protection with behavior monitoring to detect DoS attempts

🔍 How to Verify

Check if Vulnerable:

Check Zoom Workplace Client version against affected versions listed in ZSB-25034 advisory

Check Version:

In Zoom Workplace Client: Click profile picture → About → Check version number

Verify Fix Applied:

Verify Zoom Workplace Client version is updated to patched version specified in ZSB-25034
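As an added example (not from the bulletin or from Zoom), a POSIX shell script that reads the installed Zoom Workplace Client version on macOS or Linux and compares it with the fixed version you take from ZSB-25034. The install path, plist key and package name it probes, and the placeholder PATCHED_VERSION, are assumptions; set the real fixed version from the bulletin before relying on the result.

```shell
#!/bin/sh
# Added example, not vendor code. Compares the installed Zoom Workplace
# Client version with the fixed version from ZSB-25034 (supplied by you).
# Assumptions: macOS app bundle at /Applications/zoom.us.app, Linux package
# named "zoom" (deb or rpm). PATCHED_VERSION is a placeholder, not a real
# fixed version; run as: PATCHED_VERSION=x.y.z ./zoomcheck.sh --run
PATCHED_VERSION="${PATCHED_VERSION:-0.0.0}"

# normalize_version: drop a trailing build suffix such as " (63226)" and
# anything that is not a digit or a dot, so "6.5.3 (63226)" -> "6.5.3"
normalize_version() {
  v="${1%% *}"
  printf '%s' "$v" | tr -cd '0-9.'
}

# version_lt A B: exit 0 if A is numerically lower than B, component by
# component; missing components count as 0 (so 6.5 equals 6.5.0)
version_lt() {
  a="$(normalize_version "$1")"; b="$(normalize_version "$2")"
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    if [ "$x" = "$a" ]; then a=""; else a="${a#*.}"; fi
    if [ "$y" = "$b" ]; then b=""; else b="${b#*.}"; fi
    x="${x:-0}"; y="${y:-0}"
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
  done
  return 1
}

# check_status INSTALLED PATCHED: prints VULNERABLE or PATCHED
check_status() {
  if version_lt "$1" "$2"; then echo VULNERABLE; else echo PATCHED; fi
}

# installed_zoom_version: print the version found on this host, or fail.
# Each probe only reports a version when the underlying command succeeds,
# so "package not installed" messages are never mistaken for a version.
installed_zoom_version() {
  if [ -f /Applications/zoom.us.app/Contents/Info.plist ]; then
    v="$(defaults read /Applications/zoom.us.app/Contents/Info CFBundleShortVersionString 2>/dev/null)" \
      && { printf '%s\n' "$v"; return 0; }
  fi
  if command -v dpkg-query >/dev/null 2>&1; then
    v="$(dpkg-query -W -f='${Version}' zoom 2>/dev/null)" && { printf '%s\n' "$v"; return 0; }
  fi
  if command -v rpm >/dev/null 2>&1; then
    v="$(rpm -q --qf '%{VERSION}' zoom 2>/dev/null)" && { printf '%s\n' "$v"; return 0; }
  fi
  return 1
}

main() {
  if installed="$(installed_zoom_version)"; then
    printf 'installed=%s fixed=%s status=%s\n' "$installed" "$PATCHED_VERSION" \
      "$(check_status "$installed" "$PATCHED_VERSION")"
  else
    echo "Zoom Workplace Client not found in the probed locations" >&2
    return 2
  fi
}

# Only probe the host when invoked with --run, so the functions can be sourced
if [ "${1:-}" = "--run" ]; then main; fi
```

The version comparison is numeric per component rather than a string compare, so 6.10.0 correctly ranks above 6.9.9, and a build suffix in parentheses is stripped before comparing. On Windows the equivalent check reads the file version of Zoom.exe (per-user installs are typically under %APPDATA%\Zoom\bin) with PowerShell, for example `(Get-Item "$env:APPDATA\Zoom\bin\Zoom.exe").VersionInfo.ProductVersion`; that path is likewise an assumption to confirm against your deployment.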

📡 Detection & Monitoring

Log Indicators:

  • Zoom client crash logs (the client typically writes its own logs under %APPDATA%\Zoom\logs on Windows and ~/Library/Logs/zoom.us on macOS)
  • Unexpected termination events (on Windows, Application log Event ID 1000 "Application Error" naming Zoom.exe; on macOS, crash reports under ~/Library/Logs/DiagnosticReports)
  • Error messages related to content parsing or rendering shortly before a crash

Network Indicators:

  • The client initiates its own sessions, so do not hunt for inbound connections to endpoints; instead correlate clusters of client crashes with content received shortly beforehand (for example from external contacts), especially when several users crash within the same window
  • Repeated crashes on the same endpoint after the same kind of content is received

SIEM Query:

The query below is vendor-neutral pseudo-syntax; adapt the source and field names to what your collector actually ingests (for Windows event logs in Splunk, for instance, `index=wineventlog EventCode=1000 "Zoom.exe"` covers the crash case).

source="zoom_client" AND (event_type="crash" OR event_type="error") AND message CONTAINS "content"

🔗 References

  • Zoom Security Bulletin ZSB-25034: https://www.zoom.com/en/trust/security-bulletin/ZSB-25034