CVE-2025-64740

HIGH 7.5

Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CWE	CWE-347
Vendor	zoom communications inc.
Product	zoom workplace vdi client
Published	Nov 13, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for zoom communications inc. zoom workplace vdi client

Be the first to know when new high vulnerabilities affecting zoom communications inc. zoom workplace vdi client are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Zoom Communications Inc. / Zoom Workplace VDI Client

see references

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zoom.com: https://www.zoom.com/en/trust/security-bulletin/ZSB-25042