CVE-2025-64740

Published Nov 13, 2025

Last updated 2 months ago

CVSS high 7.5

Overview

Description
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Source
security@zoom.us
NVD status
Analyzed
Products
workplace_virtual_desktop_infrastructure

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@zoom.us
CWE-347

Social media

Hype score
Not currently trending

  1. Zoom VDIクライアント(Windows)に高深刻度の脆弱性(CVE-2025-64740) https://t.co/eLjuMQQznn #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    19 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Vulnerabilidades en productos Zoom ❗CVE-2025-62484 ❗CVE-2025-64741 ❗CVE-2025-64740 ➡️Más info: https://t.co/h5m2HMROQ2 https://t.co/f9IPEtac4V

    @CERTpy

    14 Nov 2025

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-64740 Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation o… https://t.co/s4pVb2V2rF

    @CVEnew

    13 Nov 2025

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Une faille critique (CVE-2025-64740) touche Zoom Workplace VDI pour Windows : une mauvaise vérification cryptographique permet une élévation de privilèges locale. Les versions <6.3.14 / 6.4.12 / 6.5.10 sont vulnérables. Mettez à jour dès maintenant ©️Zoom Bulletin

    @williamboamson

    13 Nov 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Critical vulnerability (CVE-2025-64740) in Zoom Workplace VDI Client for Windows allows privilege escalation. Update to versions 6.3.14, 6.4.12, or 6.5.10 immediately. Link: https://t.co/vuAWOGdTNS #Security #Vulnerability #Zoom #Windows #Update #CVE #Privacy #Patch #Critical htt

    @dailytechonx

    12 Nov 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-64739
  2. Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-62483
  3. Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.CVE-2025-30669
  4. Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.CVE-2025-58132
  5. Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-58135

References

Sources include official advisories and independent security research.