
Critical Privilege Escalation and RCE Vulnerabilities Patched in Zoom and Xerox Software
Zoom and Xerox have released patches for critical vulnerabilities in their products.

The Zoom vulnerability, CVE-2025-49457 (CVSS score 9.6), is a privilege escalation issue stemming from an untrusted search path in Zoom Clients for Windows. Untrusted search path vulnerabilities occur when an application locates resources through a fixed or attacker-controllable search path, so that a malicious file or executable placed earlier in that path is loaded in place of the intended one. In this case, an attacker could manipulate the search path to execute code with elevated privileges, potentially leading to complete system compromise. The high CVSS score reflects the severity and potential impact of this vulnerability.

Xerox FreeFlow Core is affected by a remote code execution (RCE) vulnerability. While specific details are not provided, RCE vulnerabilities typically arise from improper input validation or memory corruption, allowing attackers to execute arbitrary code on the affected system.

Both vulnerabilities pose significant risks. For Zoom, which is widely deployed in enterprise environments, an exploited privilege escalation vulnerability could allow attackers to gain control over systems during meetings or through compromised meeting links. For Xerox FreeFlow Core, used in document management workflows, an RCE vulnerability could lead to data leaks or manipulation of sensitive documents.

Organizations are advised to apply the patches immediately. Users should also be cautious with links and files in collaboration tools. These vulnerabilities underscore the importance of secure coding practices, such as proper path handling and input validation, and of timely patch management.
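To make the search-path class of bug concrete from a defender's side, the following added example (not code from the article, from Zoom, or from Xerox) shows the two halves of the problem: a search-order lookup in which the first directory holding a given file name wins, and an audit that flags every directory consulted before the trusted one that an unprivileged user could write to. It also shows the mitigation the article alludes to under "proper path handling": resolving the resource by its absolute, trusted location instead of walking a search order. The function names, the constructed temporary-directory scenario, and the use of POSIX permission bits as a stand-in for a Windows ACL check are all assumptions of this example; on Windows the permission test would be done against the directory's DACL, but the audit logic is the same.

```python
import os
import stat
import tempfile


def split_search_path(value, sep=os.pathsep):
    """Split a PATH-style string into its directories, preserving search order."""
    return [d for d in value.split(sep) if d]


def resolve_first_match(name, search_dirs):
    """Mimic a search-order lookup: the first directory that holds `name` wins,
    regardless of whether it is the directory the application intended."""
    for d in search_dirs:
        if os.path.isfile(os.path.join(d, name)):
            return d
    return None


def writable_by_unprivileged(path):
    """POSIX approximation of 'a non-admin user can plant a file here'.
    A missing directory is treated as risky because it cannot be vetted and
    may be creatable by whoever can write to its parent (assumption)."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return True
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_search_order(name, search_dirs, trusted_dir):
    """Return the directories consulted before `trusted_dir` that an
    unprivileged user could write to: each is a place where a file named
    `name` would shadow the legitimate one."""
    trusted = os.path.abspath(trusted_dir)
    findings = []
    for d in search_dirs:
        if os.path.abspath(d) == trusted:
            break
        if writable_by_unprivileged(d):
            findings.append(d)
    return findings


def locate_trusted(name, trusted_dir):
    """Mitigation: load the resource only from its known absolute location,
    never by letting a search order pick the first match."""
    full = os.path.join(os.path.abspath(trusted_dir), name)
    if not os.path.isfile(full):
        raise FileNotFoundError(full)
    return full


def demo(name="helper.dll"):
    """Constructed scenario: a world-writable directory precedes the trusted one
    in the search order and already contains a same-named file."""
    root = tempfile.mkdtemp(prefix="searchpath-demo-")
    trusted = os.path.join(root, "trusted")
    dropzone = os.path.join(root, "dropzone")
    os.makedirs(trusted, mode=0o700)
    os.makedirs(dropzone)
    os.chmod(dropzone, 0o777)  # the weak setting: anyone can plant files here
    for d in (trusted, dropzone):
        with open(os.path.join(d, name), "w") as fh:
            fh.write("stand-in file, constructed for the demo\n")

    search = [dropzone, trusted]
    return {
        "search_order_picks": resolve_first_match(name, search),
        "expected": trusted,
        "risky_dirs_before_trusted": audit_search_order(name, search, trusted),
        "safe_path": locate_trusted(name, trusted),
    }


if __name__ == "__main__":
    result = demo()
    print("search order resolved to :", result["search_order_picks"])
    print("trusted location was     :", result["expected"])
    print("risky directories ahead  :", result["risky_dirs_before_trusted"])
    print("absolute-path resolution :", result["safe_path"])
    print("\nAudit of this process's own PATH for a hypothetical 'helper.dll':")
    for d in audit_search_order("helper.dll", split_search_path(os.environ.get("PATH", "")),
                                os.path.dirname(os.path.abspath(__file__))):
        print("  writable-by-others directory ahead of trusted dir:", d)
```

Running the script prints the constructed scenario first (the search order picks the writable `dropzone` directory even though `trusted` holds the real file, and the audit names `dropzone` as the risk), then audits the current process's own PATH the same way. The point for patch management is that the audit half is cheap to run on any fleet: listing writable directories that sit ahead of an application's install directory in its search order is exactly the condition a patch for an untrusted-search-path bug removes.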