Zoom Workplace for Windows Flaw Allows Local Privilege Escalation

A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems.

The flaw, tracked as CVE-2025-64740 and assigned bulletin ZSB-25042, has been rated as High severity with a CVSS score of 7.5.

| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-64740 |
| Bulletin ID | ZSB-25042 |
| Product | Zoom Workplace VDI Client for Windows |
| Vulnerability Type | Improper Verification of Cryptographic Signature |
| Attack Vector | Local |
| Severity | High |
| CVSS Score | 7.5 |

Understanding the Vulnerability

The weakness stems from improper verification of cryptographic signatures in the Zoom Workplace VDI Client installer.

In simpler terms, the installer doesn’t properly verify that installation files are legitimate before executing them.

This oversight creates an opportunity for attackers who have already gained local access to a system to escalate their permissions, moving from a regular user account to an administrator-level account.

This isn’t a remote attack where hackers can infiltrate systems from the internet. Instead, it requires the attacker to already be authenticated and have local access to the target machine.

However, once inside, they can exploit this flaw to gain complete control, potentially compromising sensitive data or installing malware that affects the entire organization.

Security researchers at Mandiant, a leading threat intelligence firm owned by Google, discovered and reported this vulnerability to Zoom.

Mandiant’s identification of this flaw highlights the importance of specialized security research in protecting enterprise software.

Organizations using Zoom Workplace VDI Client for Windows are at risk if they’re running versions before:

  • Version 6.3.14
  • Version 6.4.12
  • Version 6.5.10

The vulnerability affects all earlier versions across these respective tracks. VDI (Virtual Desktop Infrastructure) environments are critical in enterprise settings, making this discovery especially important for organizations that rely on virtual desktops for remote work and secure computing.
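To triage a fleet against the fixed releases listed above, the following added example (not code from Zoom or Mandiant) classifies client versions from an inventory export. The CSV layout, the hostnames and the assumption that version strings begin with `major.minor.patch` are constructed for illustration; tracks the article does not list are flagged for manual review rather than guessed.

```python
import csv
import io
import re

# First patched release per track, as listed in the article:
# (major, minor) -> minimum patch level that contains the fix.
FIXED = {(6, 3): 14, (6, 4): 12, (6, 5): 10}

def classify(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'review' for one version string."""
    # Compare numerically: as plain strings, "6.3.9" would sort after "6.3.14".
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        return "review"  # unparseable value: needs a manual look
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "review"  # track not covered by the article
    return "patched" if patch >= fixed else "vulnerable"

def triage(inventory_csv: str) -> dict:
    """Group hostnames by status from a CSV with 'host' and 'version' columns."""
    result = {"vulnerable": [], "patched": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row.get("version", ""))].append(row["host"])
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,version
vdi-001,6.3.13
vdi-002,6.3.14
vdi-003,6.4.11.25000
vdi-004,6.5.10
vdi-005,6.5.9
vdi-006,6.2.7
vdi-007,unknown
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```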

The CVSS score of 7.5 reflects the serious nature of this flaw. While exploitation requires the attacker to already have local system access, as well as user interaction, the potential impact is severe.

A successful attack could allow unauthorized privilege escalation, enabling attackers to execute arbitrary code with elevated permissions, access restricted files, or compromise system integrity.

Zoom has released patched versions addressing this vulnerability. Organizations should immediately update their Zoom Workplace VDI Client installations to the latest available versions.

Zoom users can download and install the latest security updates from the official Zoom download center.

For security teams managing VDI environments, prioritizing this update is essential. The combination of Mandiant’s discovery and Zoom’s quick patch release demonstrates the importance of staying current with security updates.

If your organization uses Zoom Workplace VDI Client for Windows, treat this update as urgent. While the vulnerability requires existing system access to exploit, the potential for privilege escalation makes it a significant security risk.

Update immediately to the patched versions to eliminate this attack vector and maintain your security posture.
