CVE-2025-0145

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Jan 30, 2025

CWE ID 426

Summary

CVE-2025-0145 is a vulnerability affecting some installers for Zoom Workplace Apps on Windows systems. The issue lies in an untrusted search path, which can enable an authorized user to perform a local escalation of privilege attack. By manipulating the installer's file search process, an attacker can potentially gain elevated system permissions, compromising the affected system's security. Users are advised to update their Zoom installers to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Video SDK

Affected Vendors

Zoom Video Communications, Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2dcxvC
https://www.cve.org/CVERecord?id=CVE-2025-0145
https://nvd.nist.gov/vuln/detail/CVE-2025-0145

Back to Vulnerability Database