CVE-2025-49460 Overview
CVE-2025-49460 is an uncontrolled resource consumption vulnerability [CWE-400] affecting multiple Zoom Workplace Clients. An unauthenticated remote attacker can trigger a denial of service condition over the network without user interaction. Zoom disclosed the issue in security bulletin ZSB-25033 on September 9, 2025.
The flaw impacts Zoom Workplace Desktop, Zoom Rooms, Zoom Rooms Controller, the Zoom Meeting SDK, and Zoom Workplace VDI across Windows, macOS, Linux, Android, and iOS platforms. Successful exploitation degrades availability of the affected client, which can interrupt meetings and collaboration services in enterprise environments.
Critical Impact
Unauthenticated network-based denial of service against widely deployed Zoom Workplace endpoints, with availability impact rated High and no privileges or user interaction required.
Affected Products
- Zoom Workplace Desktop (Windows, macOS, Linux) and Zoom Workplace for iPhone OS
- Zoom Rooms and Zoom Rooms Controller (Windows, macOS, Linux, Android, iPadOS)
- Zoom Meeting SDK (Windows, macOS, Linux, Android) and Zoom Workplace VDI for Windows
Discovery Timeline
- 2025-09-09 - Zoom publishes security bulletin ZSB-25033
- 2025-09-09 - CVE-2025-49460 published to NVD
- 2025-10-17 - Last updated in NVD database
Technical Details for CVE-2025-49460
Vulnerability Analysis
The vulnerability is classified as uncontrolled resource consumption [CWE-400] in Zoom Workplace Client components. An attacker reachable over the network can send crafted traffic that causes the client to consume excessive system resources, resulting in client unresponsiveness or termination.
No confidentiality or integrity impact is reported. The flaw is limited to availability, but the breadth of affected platforms increases exposure across enterprise meeting infrastructure. Because the attack requires no authentication and no user interaction, exploitation can be automated against exposed clients.
Root Cause
The underlying weakness is improper control over the allocation and management of finite system resources during network message handling in the Zoom client. When the client processes specific network input, it fails to enforce limits on memory, CPU, or other resources, allowing an attacker to exhaust them.
Attack Vector
Exploitation occurs over the network against a vulnerable Zoom Workplace Client. An attacker sends specially crafted traffic that triggers excessive resource consumption in the client process. The result is denial of service, which may manifest as application hang, crash, or system slowdown until the client is restarted and patched.
Zoom has not published technical details, proof-of-concept code, or indicators tied to in-the-wild exploitation. Refer to the Zoom Security Bulletin ZSB-25033 for vendor guidance and fixed version information.
Detection Methods for CVE-2025-49460
Indicators of Compromise
- Repeated crashes, hangs, or abnormal restarts of Zoom Workplace, Zoom Rooms, or Zoom Meeting SDK processes correlated with inbound network activity.
- Sustained spikes in CPU or memory consumption attributed to Zoom client processes without a corresponding active meeting workload.
- Unexpected disconnections from Zoom services on multiple endpoints within the same time window.
Detection Strategies
- Monitor endpoint telemetry for Zoom client process crashes and unusual termination events tied to network events.
- Correlate outbound and inbound traffic to Zoom client listening ports with sudden resource utilization changes on the host.
- Track installed Zoom client versions across the fleet and flag endpoints running versions below those listed as fixed in ZSB-25033.
Monitoring Recommendations
- Enable application crash reporting and forward Zoom client crash events to a centralized logging or SIEM platform.
- Baseline normal resource usage for Zoom processes and alert on deviations exceeding the baseline.
- Review network logs for repeated connection attempts or malformed traffic targeting Zoom client endpoints.
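The crash-plus-inbound-traffic correlation described under Detection Strategies, written out as an added Python example (not code from Zoom or from this page); the telemetry feed, its field names and the process names are constructed assumptions standing in for a SIEM export.

```python
"""Correlate Zoom client crash events with preceding inbound network activity."""
from collections import defaultdict
from datetime import datetime, timedelta

# Process names are assumptions; adjust to what your EDR reports.
ZOOM_PROCESSES = {"zoom.exe", "zoom", "ZoomRooms", "ZoomRooms.exe", "zoom.us"}
WINDOW = timedelta(seconds=60)    # inbound connection must precede the crash by <= 60 s
CLUSTER = timedelta(minutes=10)   # "repeated" means >= MIN_CRASHES inside this span
MIN_CRASHES = 2

# Constructed sample telemetry (not real data); one dict per event, ISO-8601 timestamps
SAMPLE_EVENTS = [
    {"ts": "2025-09-10T09:00:05", "host": "room-01", "type": "inbound_conn",
     "process": "ZoomRooms", "peer": "10.9.8.7"},
    {"ts": "2025-09-10T09:00:30", "host": "room-01", "type": "crash", "process": "ZoomRooms"},
    {"ts": "2025-09-10T09:03:02", "host": "room-01", "type": "inbound_conn",
     "process": "ZoomRooms", "peer": "10.9.8.7"},
    {"ts": "2025-09-10T09:03:40", "host": "room-01", "type": "crash", "process": "ZoomRooms"},
    {"ts": "2025-09-10T11:15:00", "host": "desk-42", "type": "crash", "process": "zoom.exe"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def correlate(events):
    """Return one alert per host whose Zoom process crashed repeatedly,
    each crash preceded (within WINDOW) by an inbound connection."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["process"] in ZOOM_PROCESSES:
            by_host[e["host"]].append(e)
    alerts = []
    for host, evs in by_host.items():
        conns = [(_parse(e["ts"]), e["peer"]) for e in evs if e["type"] == "inbound_conn"]
        crashes = [_parse(e["ts"]) for e in evs if e["type"] == "crash"]
        linked = []  # (crash time, peers seen shortly before it)
        for c in crashes:
            peers = {p for t, p in conns if timedelta(0) <= c - t <= WINDOW}
            if peers:
                linked.append((c, peers))
        for i in range(len(linked)):
            cluster = [x for x in linked[i:] if x[0] - linked[i][0] <= CLUSTER]
            if len(cluster) >= MIN_CRASHES:
                all_peers = set().union(*(p for _, p in cluster))
                alerts.append({"host": host, "crashes": len(cluster), "peers": sorted(all_peers)})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

A lone crash with no preceding inbound connection (desk-42 above) is left for the baseline-deviation checks rather than raised as an alert.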
How to Mitigate CVE-2025-49460
Immediate Actions Required
- Inventory all instances of Zoom Workplace Desktop, Zoom Rooms, Zoom Rooms Controller, Zoom Meeting SDK, and Zoom Workplace VDI across the environment.
- Upgrade affected clients to the fixed versions specified in Zoom Security Bulletin ZSB-25033.
- Prioritize patching of Zoom Rooms appliances and shared meeting endpoints that are typically exposed to broader network segments.
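The fleet version check called for under Detection Strategies and in the inventory and upgrade steps above, as an added Python example (not Zoom's tooling or code from this page). The inventory CSV is constructed, and the threshold table holds demo values only; the real fixed versions per product and platform come from ZSB-25033.

```python
"""Flag fleet endpoints running a Zoom client below the bulletin's fixed version."""
import csv
import io
import re

# Constructed inventory export (for example from an MDM or the registry query further down)
SAMPLE_INVENTORY = """host,product,platform,version
desk-01,Zoom Workplace Desktop,Windows,6.4.0 (1234)
desk-02,Zoom Workplace Desktop,Windows,6.5.3 (5678)
room-01,Zoom Rooms,Android,6.4.9
sdk-box,Zoom Meeting SDK,Linux,6.5.0
"""

# DEMO thresholds only: these are NOT the fixed versions from ZSB-25033.
# Replace every entry with the value the bulletin lists for that product/platform.
DEMO_FIXED = {
    ("Zoom Workplace Desktop", "Windows"): "6.5.0",
    ("Zoom Rooms", "Android"): "6.5.0",
}


def parse_version(text):
    """'6.5.7 (12345)' -> (6, 5, 7, 12345); any non-numeric decoration is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def is_below(installed, fixed):
    """True if installed < fixed, padding the shorter tuple with zeros so '6.5' == '6.5.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def find_unpatched(csv_text, fixed_versions):
    """Return (host, product, platform, installed, fixed) for endpoints below threshold.
    Product/platform pairs with no threshold are reported as 'no threshold' for review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        fixed = fixed_versions.get((row["product"], row["platform"]))
        if fixed is None:
            findings.append((row["host"], row["product"], row["platform"], row["version"], "no threshold"))
        elif is_below(row["version"], fixed):
            findings.append((row["host"], row["product"], row["platform"], row["version"], fixed))
    return findings


if __name__ == "__main__":
    for finding in find_unpatched(SAMPLE_INVENTORY, DEMO_FIXED):
        print(finding)
```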
Patch Information
Zoom has released fixed versions of the affected clients. Consult ZSB-25033 for the exact fixed version numbers per product and platform, and apply updates through your standard software distribution mechanism.
Workarounds
- Restrict network reachability to Zoom client endpoints using host-based firewalls and network segmentation where feasible.
- Limit Zoom Rooms and Zoom Rooms Controller exposure to trusted management networks only.
- Where immediate patching is not possible, monitor for repeated client crashes and restart affected services as a temporary recovery measure.
# Example: query installed Zoom client version on Windows endpoints
# (Zoom Workplace is commonly installed per-user, so HKCU is checked alongside the 64-bit and 32-bit HKLM uninstall keys)
Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*",
                 "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
                 "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like "*Zoom*" } |
Select-Object DisplayName, DisplayVersion, Publisher
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.