Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

Critical security flaws have been identified in Zoom Clients for Windows and Xerox FreeFlow Core, posing risks of privilege escalation and remote code execution. The companies have released updates to mitigate these vulnerabilities, highlighting the importance of timely patching. CVEs: CVE-2025-49457, CVE-2025-8355, CVE-2025-8356

Key points

  • A critical privilege escalation vulnerability affects multiple versions of Zoom Clients for Windows.
  • The Zoom CVE-2025-49457 vulnerability involves an untrusted search path that could be exploited via network access.
  • Xerox FreeFlow Core has multiple vulnerabilities, including XXE injection and path traversal, addressed in version 8.0.4.
  • Exploiting these vulnerabilities could allow attackers to execute arbitrary commands or steal sensitive data.
  • The disclosed flaws are straightforward to exploit, emphasizing the need for prompt software updates.

Read More: https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html