Zoom and Xerox Release Urgent Security Updates to Address Privilege Escalation and RCE Vulnerabilities

Aug 13, 2025
Vulnerability / Software Security

Zoom and Xerox have released critical security updates for Zoom Clients on Windows and FreeFlow Core, addressing significant vulnerabilities that could enable privilege escalation and remote code execution (RCE). The flaw in Zoom Clients for Windows, designated as CVE-2025-49457 (CVSS score: 9.6), involves an untrusted search path that may allow an unauthenticated user to escalate privileges via network access.

According to a security bulletin issued by Zoom, the issue was identified by its Offensive Security team and affects the following products:

  • Zoom Workplace for Windows versions prior to 6.3.10
  • Zoom Workplace VDI for Windows versions prior to 6.3.10 (excluding 6.1.16 and 6.2.12)
  • Zoom Rooms for Windows versions prior to 6.3.10
  • Zoom Rooms Controller for Windows versions prior to 6.3.10
  • Zoom Meeting SDK for Windows versions prior to 6.3.10

This disclosure follows the identification of multiple vulnerabilities in critical software platforms.

Zoom and Xerox Patch Serious Security Vulnerabilities

On August 13, 2025, both Zoom and Xerox announced critical updates aimed at mitigating two significant security vulnerabilities found in their respective products. The flaws, affecting Zoom Clients for Windows and Xerox’s FreeFlow Core, present risks of privilege escalation and remote code execution.

The vulnerability associated with Zoom Clients for Windows, designated CVE-2025-49457, has received a high severity score of 9.6 on the Common Vulnerability Scoring System (CVSS). The issue stems from an untrusted search path that enables an unauthenticated user to leverage network access for privilege escalation. In a security bulletin released on Tuesday, Zoom detailed that this vulnerability impacts several versions of their software, including Zoom Workplace for Windows and Zoom Rooms, all prior to version 6.3.10, with certain exceptions.

The identification of this vulnerability originated from internal assessments conducted by Zoom’s Offensive Security team. It has been confirmed that the issue could potentially allow attackers to exploit these weaknesses, thereby gaining elevated privileges within affected systems. This scenario is particularly troubling for businesses, as the implications of such vulnerabilities could lead to unauthorized access and data breaches, not just within Zoom’s ecosystem but also extending to interconnected systems in organizational networks.

Companies utilizing Zoom’s platform for remote work, video communications, and online meetings should prioritize the implementation of these security patches to prevent any potential exploitation. The targeted versions are widely utilized in a variety of sectors, thereby increasing the risk profile for many organizations. Both Zoom and Xerox are based in the United States, highlighting the domestic cybersecurity risks that business owners must navigate.

From a cybersecurity perspective, this incident can be analyzed through the lens of the MITRE ATT&CK framework. The tactics of privilege escalation and initial access are particularly relevant, as adversaries may have exploited these vulnerabilities to gain footholds in organizational environments. Such behavior is characteristic of a structured attack vector that seeks both persistence within systems and control over targeted networks.

The criticality of this situation reinforces the need for businesses to remain vigilant regarding software updates and vulnerabilities. Awareness and prompt action can prevent potential breaches, thereby safeguarding sensitive information and maintaining organizational integrity. As cyber threats continue to evolve, the responsibility falls on business owners to ensure their defenses are robust and up-to-date.

Source link

Related Posts

New PS1Bot Malware Campaign Utilizes Malvertising for Multi-Stage In-Memory Attacks

Aug 13, 2025
Malvertising / Cryptocurrency

Cybersecurity experts have identified a new malvertising campaign aimed at deploying a multi-stage malware framework known as PS1Bot. Researchers Edmund Brumaghin and Jordyn Dunk from Cisco Talos explained that “PS1Bot features a modular architecture, incorporating various modules for malicious activities such as information theft, keylogging, reconnaissance, and creating persistent access to compromised systems.” The design emphasizes stealth, leaving minimal traces on infected machines and using in-memory execution techniques to run subsequent modules without writing them to disk. Since early 2025, campaigns distributing this PowerShell and C# malware have actively exploited malvertising to propagate, executing modules in-memory to reduce forensic footprints.

CISA Adds Two Vulnerabilities in N-able N-central to Its Known Exploited Vulnerabilities Catalog

Aug 14, 2025 | Vulnerability / Network Security

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two security flaws affecting N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog, due to evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform tailored for Managed Service Providers (MSPs) to effectively manage and safeguard their clients’ Windows, Apple, and Linux endpoints from a centralized platform.

The identified vulnerabilities are as follows:

  • CVE-2025-8875 (CVSS score: N/A): An insecure deserialization vulnerability that may allow for command execution.
  • CVE-2025-8876 (CVSS score: N/A): A command injection vulnerability resulting from improper sanitization of user input.

Both issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able is also advising customers to ensure multi-factor authentication (MFA) is enabled, particularly for admin accounts.

Russian Group EncryptHub Utilizes MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware

August 16, 2025
Malware / Vulnerability

The cybercriminal organization known as EncryptHub is continuing to take advantage of a recently patched vulnerability in Microsoft Windows to deliver harmful payloads. Trustwave SpiderLabs has reported observing an EncryptHub campaign that combines social engineering tactics with the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also referred to as MSC EvilTwin), initiating the infection process through a malicious Microsoft Console (MSC) file. According to Trustwave researchers Nathaniel Morales and Nikita Kazymirskyi, “These actions are part of a larger, ongoing wave of malicious activity blending social engineering with technical exploitation to circumvent security defenses and gain control of internal networks.” EncryptHub, also recognized as LARVA-208 and Water Gamayun, is a Russian hacking group that first emerged in mid-2024. Operating at a high pace, this financially motivated team is known for using various strategies, including fraudulent job postings…

Leveraging Wazuh for Achieving Regulatory Compliance

Published on: Aug 18, 2025

In industries that manage sensitive data and personally identifiable information (PII), adherence to regulatory compliance standards is critical. This necessity extends to sectors such as healthcare, finance, government contracting, and education. Key compliance frameworks include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • NIST Special Publication 800-53
  • Trust Services Criteria (TSC)
  • Cybersecurity Maturity Model Certification (CMMC)

Importance of Compliance

Meeting compliance requirements is essential for several reasons:

  • Protecting organizations from cybersecurity threats, risks, and data breaches.
  • Establishing effective organizational processes that support continuous compliance.