CVE-2025-49459 | THREATINT

Description

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.

PUBLISHED Reserved 2025-06-04 | Published 2025-09-09 | Updated 2025-09-11 | Assigner Zoom

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

Any version before 6.6.0

affected

References

www.zoom.com/en/trust/security-bulletin/ZSB-25032

cve.org (CVE-2025-49459)

nvd.nist.gov (CVE-2025-49459)

Download JSON