Zoom and Xerox Release Urgent Fixes for Critical Privilege and RCE Flaws
Flaws that hand an unauthenticated attacker elevated privileges or remote code execution carry critical CVSS scores, and both vendors are urging immediate patching.
Overview
- Zoom released version 6.3.10 to fix CVE-2025-49457, an untrusted-search-path vulnerability in its Windows clients that could allow unauthenticated privilege escalation over the network.
- Xerox updated FreeFlow Core to version 8.0.4, addressing multiple flaws including CVE-2025-8356, a path-traversal bug leading to remote code execution, and CVE-2025-8355, an XML external entity (XXE) injection that enables server-side request forgery (SSRF).
- Security assessments rate the Zoom flaw and the Xerox path-traversal flaw above 9 on the CVSS scale (the XXE issue is rated lower). The high scores reflect network reachability, low attack complexity and no authentication requirement; they are not evidence that working exploits are trivial to produce.
- Zoom's Windows client runs on millions of endpoints and FreeFlow Core is a server-side print-workflow platform, so successful exploitation could lead to large-scale data theft, malware installation, or lateral movement.
- Administrators are urged to deploy the Zoom and Xerox updates immediately, verify the installed versions afterwards (6.3.10 or later for Zoom, 8.0.4 or later for FreeFlow Core), and enforce network-level controls, such as restricting which hosts can reach FreeFlow Core, for any systems that remain unpatched.
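The verification step above is where patch campaigns usually go wrong: version strings are compared as text, so "6.3.9" sorts after "6.3.10" and a vulnerable host is reported as patched. The following Python script is an added example, not code from the original article or from Zoom or Xerox; it triages a constructed inventory export against the fixed versions named above, comparing versions numerically. The product labels and the inventory rows are assumptions standing in for whatever an endpoint-management export actually emits.

```python
"""Triage an inventory export against the fixed versions named in the advisory.

Added example; not tooling from Zoom or Xerox. Product labels and inventory
rows are constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Minimum fixed versions from the advisory. The product labels are assumed;
# map them to whatever your inventory source reports.
PATCHED = {
    "Zoom Workplace for Windows": (6, 3, 10),
    "Xerox FreeFlow Core": (8, 0, 4),
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Optional[Version]:
    """Extract the leading dotted numeric version from strings such as
    '6.3.10 (70015)' or 'v8.0.3' as a tuple of ints, so that comparison is
    numeric: (6, 3, 9) < (6, 3, 10), whereas the strings '6.3.9' > '6.3.10'."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(product: str, version: str) -> Optional[bool]:
    """True if the installed version is at or above the fixed version,
    False if it is below, None if the product is untracked or the version
    string cannot be parsed (those rows need manual review, not silence)."""
    fixed = PATCHED.get(product)
    installed = parse_version(version)
    if fixed is None or installed is None:
        return None
    # Pad the shorter tuple with zeros so '8.0' compares as (8, 0, 0) < (8, 0, 4).
    width = max(len(fixed), len(installed))
    fixed_padded = fixed + (0,) * (width - len(fixed))
    installed_padded = installed + (0,) * (width - len(installed))
    return installed_padded >= fixed_padded


def triage(inventory: List[Tuple[str, str, str]]) -> Tuple[List[str], List[str]]:
    """Return (hosts still exposed, hosts that need manual review)."""
    exposed: List[str] = []
    review: List[str] = []
    for host, product, version in inventory:
        state = is_patched(product, version)
        if state is None:
            review.append(host)
        elif not state:
            exposed.append(host)
    return exposed, review


# Constructed inventory rows: (hostname, product, reported version string).
INVENTORY = [
    ("ws-101", "Zoom Workplace for Windows", "6.3.9 (69253)"),
    ("ws-102", "Zoom Workplace for Windows", "6.3.10 (70015)"),
    ("ws-103", "Zoom Workplace for Windows", "6.4.0"),
    ("print-01", "Xerox FreeFlow Core", "v8.0.3"),
    ("print-02", "Xerox FreeFlow Core", "8.0.4"),
    ("print-03", "Xerox FreeFlow Core", "8.0"),
    ("print-04", "Xerox FreeFlow Core", "unknown"),
]

if __name__ == "__main__":
    exposed_hosts, review_hosts = triage(INVENTORY)
    print("still exposed:", exposed_hosts)
    print("needs review:", review_hosts)
```

A naive string comparison would mark ws-101 (6.3.9) as newer than the fix and miss it; the tuple comparison catches it along with print-01 and print-03. Rows that cannot be parsed are reported separately rather than treated as patched, since a blank or odd version string usually means the agent could not read the install, not that the host is safe.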