Improper Cryptographic Signature Verification in Zoom Workplace VDI Client
CVE-2025-64740

7.5HIGH

Key Information:

Vendor: Zoom
Status: Zoom Workplace Vdi Client
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-64740?

The Zoom Workplace VDI Client for Windows is affected by a vulnerability due to improper verification of cryptographic signatures during installation. This flaw could allow an authenticated user to escalate privileges, potentially leading to unauthorized access and control over the system via local user actions. It is crucial for users and administrators to be aware of this security issue and apply any available patches or mitigations as outlined in the vendor's security bulletin.

Affected Version(s)

Zoom Workplace VDI Client Windows see references

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-25042

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Nov 10, 2025

JSON