← back
CVE-2025-0145

Zoom Workplace Apps for Windows - Untrusted Search Path

CVSS 4.6 MEDIUMEPSS 0.2%CWE-426
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.6EPSS 0.2%KEV nãoPoC Patch
Lifecycle
30 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
Affected products
Zoom Communications, Inc · Zoom Workplace Apps for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zoom.com/en/trust/security-bulletin/zsb-25004/