Untrusted Search Path Vulnerability in Zoom Workplace Apps for Windows
CVE-2025-0145

4.6MEDIUM

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Workplace Apps For Windows
Vendor: CVE Published:; 30 January 2025

Summary

A vulnerability exists in the installer for Zoom Workplace Apps for Windows that allows an authorized user to exploit an untrusted search path. This flaw could enable the user to escalate privileges via local access, potentially compromising system integrity. It is crucial for users to be aware of this issue and implement necessary mitigations advised by the vendor.

Affected Version(s)

Zoom Workplace Apps for Windows Windows see references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25004/

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Dec 23, 2024