CVE-2025-0145
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
Lifecycle Timeline
2Tags
Description
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
Analysis
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-426. Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. Affected products include: Zoom Meeting Software Development Kit, Zoom Rooms, Zoom Rooms Controller, Zoom Video Software Development Kit, Zoom Workplace Desktop.
Affected Products
Zoom Meeting Software Development Kit, Zoom Rooms, Zoom Rooms Controller, Zoom Video Software Development Kit, Zoom Workplace Desktop.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today