CVE-2025-64740 - Vulnerability Details - OpenCVE

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Windows
Zoom	Workplace Workplace App Zoom Zoom Client

No data.

No data.

References

Link	Providers
https://www.zoom.com/en/trust/security-bulletin/ZSB-25042

History

Fri, 14 Nov 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 14 Nov 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Zoom Zoom workplace Zoom workplace App Zoom zoom Zoom zoom Client
Vendors & Products		Microsoft Microsoft windows Zoom Zoom workplace Zoom workplace App Zoom zoom Zoom zoom Client

Thu, 13 Nov 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Title		Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature
Weaknesses		CWE-347
References		https://www.zoom.com/en/trust/security-bulletin/ZSB-25042
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2025-11-13T14:35:39.025Z

Updated: 2025-11-14T16:51:22.757Z

Reserved: 2025-11-10T19:56:35.266Z

Link: CVE-2025-64740

Vulnrichment

Updated: 2025-11-13T15:40:13.168Z

NVD

Status : Awaiting Analysis

Published: 2025-11-13T15:15:53.820

Modified: 2025-11-14T16:42:03.187

Link: CVE-2025-64740

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64740", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2025-11-10T19:56:35.266Z", "datePublished": "2025-11-13T14:35:39.025Z", "dateUpdated": "2025-11-14T16:51:22.757Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Zoom Workplace VDI Client", "vendor": "Zoom Communications Inc.", "versions": [{"status": "affected", "version": "see references"}]}], "datePublic": "2025-11-11T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(247, 247, 248);\">Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.</span><br>"}], "value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-11-13T14:35:39.025Z"}, "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-14T04:55:32.349914Z", "id": "CVE-2025-64740", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-14T16:51:22.757Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64740", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-14T04:55:32.349914Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T15:40:13.168Z"}}], "cna": {"title": "Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications Inc.", "product": "Zoom Workplace VDI Client", "versions": [{"status": "affected", "version": "see references"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2025-11-11T13:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(247, 247, 248);\">Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-11-13T14:35:39.025Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64740", "state": "PUBLISHED", "dateUpdated": "2025-11-14T16:51:22.757Z", "dateReserved": "2025-11-10T19:56:35.266Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2025-11-13T14:35:39.025Z", "assignerShortName": "Zoom"}, "dataVersion": "5.2"}