CVE-2025-0145

low-risk

Published 2025-01-30

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

LOCAL / LOW complexity

Affected Products (6)

Meeting Software Development Kit

Rooms

Rooms Controller

Video Software Development Kit

Workplace Desktop

Workplace Virtual Desktop Infrastructure

Affected Vendors

Zoom

References (1)

Vendor Advisory https://www.zoom.com/en/trust/security-bulletin/zsb-25004/

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 13/34 · Low