A serious security flaw was recently discovered in the Zoom Workplace VDI Client for Windows, allowing low-privileged users to escalate privileges and take control of the entire system. The vulnerability, tracked as CVE-2025-64740, was announced by Zoom in security bulletin ZSB-25042 with a CVSS score of 7.5, indicating a high level of risk, particularly for corporate environments using VDI infrastructure.

According to the analysis, CVE-2025-64740 stems from flaws in the integrity checks and digital signature verification of the Zoom VDI Client installation components. These flaws allow an attacker to insert and execute untrusted components during installation or update of the software on the local machine. Exploitation requires the attacker to have local access and needs user interaction, but when it succeeds the attacker obtains SYSTEM permissions, so code runs at the highest privilege level and the attacker gains complete control over the target virtual machine or VDI server.

The vulnerability affects multiple versions of the Zoom Workplace VDI Client for Windows: versions 6.3.0 to 6.3.13, 6.4.0 to 6.4.11, and 6.5.0 to 6.5.9. Administrators are therefore advised to check the Zoom version deployed on each endpoint through the Help menu in the app, identify systems within the affected ranges, and develop a suitable patch plan, prioritizing endpoints that contain sensitive data or belong to a high-access user group.
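The version check described above can be run over an endpoint inventory export. The following is an added example, not Zoom's tooling or code from the bulletin; the CSV column names, host names and the `x.y.z (build)` version string format are constructed assumptions.

```python
import csv
import io
import re

# Affected ranges as stated in the article (inclusive on both ends).
AFFECTED_RANGES = [
    ((6, 3, 0), (6, 3, 13)),
    ((6, 4, 0), (6, 4, 11)),
    ((6, 5, 0), (6, 5, 9)),
]

# Constructed inventory export; columns, hosts and versions are sample data.
SAMPLE_INVENTORY = """hostname,zoom_vdi_version,sensitive_data
vdi-fin-01,6.3.13 (25601),yes
vdi-dev-07,6.4.12,no
vdi-hr-02,6.5.9,yes
vdi-lab-03,6.5.10,no
vdi-ops-04,6.4.0,no
vdi-old-09,6.2.12,no
vdi-kiosk-5,unknown,no
"""

def parse_version(text):
    """Return (major, minor, patch), or None if there is no x.y.z prefix."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def is_affected(version):
    """Compare as integer tuples; as strings, '6.3.13' sorts before '6.3.9'."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory_csv):
    """Return (affected hosts, sensitive first), (outside ranges), (unparsed)."""
    affected, outside, unparsed = [], [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["zoom_vdi_version"])
        if version is None:
            unparsed.append(row["hostname"])  # verify by hand, do not assume safe
        elif is_affected(version):
            affected.append((row["sensitive_data"] != "yes", row["hostname"]))
        else:
            outside.append(row["hostname"])
    return [host for _, host in sorted(affected)], outside, unparsed

if __name__ == "__main__":
    patch_first, outside_ranges, check_manually = triage(SAMPLE_INVENTORY)
    print("patch, in priority order:", patch_first)
    print("outside the listed ranges:", outside_ranges)
    print("version unreadable:", check_manually)
```

Hosts reported as outside the listed ranges are only outside the three ranges the article names; endpoints with an unreadable version string are listed separately so they get a manual check.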

CVE-2025-64740 is particularly dangerous in VDI environments because users and data are concentrated there. A compromised user account can become a springboard for attackers to move laterally through the system, escalate privileges on various virtual machines, access internal data repositories, or disrupt the service. For organizations with large numbers of VDI endpoints and less stringent access-control policies, the consequences can be widespread, entailing financial, legal, and reputational risks.

Zoom recommends that users and administrators update immediately to the latest version from the official download source. In addition to applying the fix, organizations need to strengthen endpoint security by applying the principle of least privilege, limiting the right to install software, controlling which applications are allowed, and closely monitoring installation and update processes on VDI systems. These measures help minimize the risk of exploitation and limit the impact if an incident occurs.