Zoom Workplace for Windows Vulnerability Allows Users to Escalate Privilege

A security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to gain elevated privileges on affected systems.

The flaw, tracked as CVE-2025-64740, has been assigned a high severity rating with a CVSS score of 7.5, according to Zoom’s security bulletin ZSB-25042.

The vulnerability stems from improper verification of cryptographic signatures in the Zoom Workplace VDI Client for Windows installer.

This weakness can be exploited by an authenticated user with local access to escalate their privileges on the system.

Zoom Workplace for Windows Vulnerability

When successfully exploited, attackers could gain higher-level permissions, potentially executing unauthorized commands, accessing sensitive data, or compromising system integrity.

The security flaw affects Zoom Workplace VDI Client for Windows versions before 6.3.14, 6.4.12, and 6.5.10 in their respective tracks.

While the vulnerability requires local access and user interaction, making it somewhat complex to exploit, the potential impact remains significant.

The CVSS vector string (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H) rates the impact on confidentiality, integrity, and availability as high, with a changed scope, meaning a successful exploit affects more than the component that contains the flaw.

Bulletin: ZSB-25042
CVE ID: CVE-2025-64740
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected Products: Zoom Workplace VDI Client for Windows before versions 6.3.14, 6.4.12 and 6.5.10

Privilege escalation vulnerabilities are particularly concerning in enterprise environments where Zoom is widely deployed for remote work and virtual desktop infrastructure.

Attackers who already have limited access to a system could exploit this flaw to gain administrative rights, bypass security controls, and potentially move laterally across networks to compromise additional resources.

The improper cryptographic signature verification means the installer cannot properly validate whether the software being installed is legitimate or has been corrupted.

This creates an opportunity for threat actors to manipulate the installation process and inject malicious code with elevated permissions.

Zoom has released security updates to address this vulnerability and strongly recommends that all users update their Zoom Workplace VDI Client for Windows immediately.

Organizations using affected versions should prioritize patching to mitigate the risk of exploitation. Users can download the latest secure versions from Zoom’s official download page at zoom.us/download.

System administrators should verify that all installations across their organization are updated to versions 6.3.14, 6.4.12, 6.5.10, or later, depending on their deployment track.
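The two checks an administrator would actually run follow, as an added PowerShell example that is not part of the article or Zoom's own tooling: it compares installed Zoom Workplace VDI Client versions against the three fixed versions from ZSB-25042, and verifies the Authenticode signature of a downloaded installer before it is run (the signature-verification weakness is in the installer itself, so an out-of-band check of the file's signature is a sensible control). Assumptions: the product's DisplayName in the Windows Uninstall registry keys contains "Zoom" and "VDI", and the installer path is a placeholder to be replaced with the file downloaded from zoom.us/download.

```powershell
# Added example, not Zoom's code. Checks installed Zoom Workplace VDI Client
# versions against the fixed versions from ZSB-25042 and verifies an
# installer's Authenticode signature before use.

# Fixed versions per release track, from the bulletin.
$Fixed = @{
    '6.3' = [version]'6.3.14'
    '6.4' = [version]'6.4.12'
    '6.5' = [version]'6.5.10'
}

function Test-ZoomVdiVersionFixed {
    # Returns $true when the installed version is at or above its track's fix.
    param([Parameter(Mandatory)][version]$Installed)
    $track = "$($Installed.Major).$($Installed.Minor)"
    if ($Fixed.ContainsKey($track)) {
        # Compare only major.minor.build; a fourth component (e.g. a build id) is ignored.
        $build = [math]::Max($Installed.Build, 0)
        $installed3 = [version]("{0}.{1}.{2}" -f $Installed.Major, $Installed.Minor, $build)
        return $installed3 -ge $Fixed[$track]
    }
    # Tracks older than 6.3 are all "before 6.3.14"; tracks newer than 6.5 ship with the fix.
    return $Installed -ge [version]'6.5.10'
}

function Get-ZoomVdiInstall {
    # Enumerates installed products from both 64-bit and 32-bit Uninstall keys.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Zoom*VDI*' } |   # assumption: name pattern
        Select-Object DisplayName, DisplayVersion
}

function Test-InstallerSignature {
    # Reports the Authenticode status of an installer file; only 'Valid' is acceptable.
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path   = $Path
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
        Valid  = ($sig.Status -eq 'Valid')
    }
}

# 1. Report every installed VDI client as fixed or vulnerable.
foreach ($app in Get-ZoomVdiInstall) {
    try {
        $v = [version]$app.DisplayVersion
    } catch {
        Write-Warning "Unparseable version '$($app.DisplayVersion)' for $($app.DisplayName)"
        continue
    }
    $state = if (Test-ZoomVdiVersionFixed $v) { 'fixed' } else { 'VULNERABLE (CVE-2025-64740)' }
    "{0} {1}: {2}" -f $app.DisplayName, $v, $state
}

# 2. Verify a downloaded installer's signature chain before running it.
#    Placeholder path; replace with the file obtained from zoom.us/download.
Test-InstallerSignature -Path 'C:\Temp\ZoomVDIClient-installer.msi'
```

Run the script from an elevated PowerShell session on each endpoint, or wrap the two functions in a remote job for fleet-wide inventory. Treat any signature status other than Valid (for example UnknownError, NotSigned, or HashMismatch) as a reason not to run the installer, regardless of which version it claims to be.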

This disclosure underscores the importance of maintaining up-to-date software, especially for widely used communication platforms in enterprise settings.
