New Zoom VDI Client Vulnerability
By Tyler Okinishi on November 14, 2025
Executive Summary
On November 10, 2025, CVE-2025-64740 was identified and given a CVSS score of 7.5, indicating a high-severity vulnerability. This vulnerability affects Zoom’s Virtual Desktop Infrastructure (VDI) and allows attackers to install malicious software by taking advantage of an update installer. Affected users should upgrade to the latest version of the software and implement administrative and technical control measures. This vulnerability highlights the importance of defense in depth and of securing the software and tools that we rely on.
Background
Since the COVID-19 pandemic, working from home has become commonplace in all industries. Zoom’s VDI Client is used to provide remote desktop services to end users in an enterprise environment. It provides secure connectivity to Windows machines from mobile devices, workstations, and thin clients and is a suitable choice to support remote workers [6]. Because it sits on the path between remote workers and enterprise systems, additional layers of security are needed to protect Zoom’s VDI Client against adversaries.
When CVE-2025-64740 was first discovered, there was no sign that it had been exploited in the real world or in a research environment. The vulnerability has since been patched in Zoom’s recent update for the VDI Client software [3]. It stems from the VDI Client’s improper verification of signatures. Weaknesses of this kind are primarily associated with supply chain attacks, where hackers disguise malware as legitimate updates to infect devices [1]. With a CVSS score of 7.5, this vulnerability is a high-severity threat to organizations using VDI Client on Windows.
Impact
The major threat that CVE-2025-64740 poses is that it could be used to manipulate Zoom’s installation process to install malware disguised as a legitimate update. This creates a significant risk since Zoom’s installer has trusted permissions on a device, which can lead to the installation of persistent malware, malicious code execution, and access to the entire filesystem [2]. Attackers can use this vulnerability to facilitate follow-on attacks to gain SYSTEM-level control and compromise the entire device [4]. Although this vulnerability can only be exploited through physical access to a device, it still opens the door to possible insider threat scenarios and espionage.
Mitigation
To mitigate the threat of CVE-2025-64740, it is recommended to install Zoom’s latest security patch on all affected systems. It is also good practice to apply additional controls such as the principle of least privilege. This ensures that normal end users do not have administrative control over their workstations, which protects these devices from privilege escalation. Using centralized software deployment in an enterprise environment is also recommended to manage and test software before it is distributed across a network. Change management practices should also be implemented to verify and audit new software and check for authenticity to prevent malicious software from being installed [5]. These preventative measures also provide broad protection against similar vulnerabilities.
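One way to implement the authenticity check described above before a package enters centralized deployment, as an added example that is not from Zoom or the sources cited here: a PowerShell gate that requires a valid Authenticode signature, an exact match on the signer name, and optionally a known SHA-256 hash. The function name Test-InstallerAuthenticity and its parameters are hypothetical, and the expected publisher and hash are values the operator supplies.

```powershell
# Added example: authenticity gate to run before an installer is approved
# for distribution. Publisher name and hash are operator-supplied values.
function Test-InstallerAuthenticity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,  # exact signer CN to require
        [string] $ExpectedSha256                             # optional vendor-published SHA-256
    )
    $reasons = [System.Collections.Generic.List[string]]::new()
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $reasons.Add("File not found: $Path")
        return [pscustomobject]@{ Path = $Path; Approved = $false; Reasons = $reasons }
    }

    # 1. Signature must verify and chain to a root this machine trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $reasons.Add("Signature status is $($sig.Status): $($sig.StatusMessage)")
    }

    # 2. A valid signature from *any* publisher is not enough; pin the signer.
    #    Exact match on the certificate's simple name, never a substring match.
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }
    if ($signer -cne $ExpectedPublisher) {
        $reasons.Add("Signer '$signer' does not match expected publisher '$ExpectedPublisher'")
    }

    # 3. Optional: compare against the hash recorded in the change request.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
        $reasons.Add("SHA-256 $hash does not match the expected value")
    }

    [pscustomobject]@{
        Path = $Path; Signer = $signer; Sha256 = $hash
        Approved = ($reasons.Count -eq 0); Reasons = $reasons
    }
}

# Usage (placeholder values; substitute the ones from your change record):
# Test-InstallerAuthenticity -Path 'C:\Staging\<installer>.msi' -ExpectedPublisher '<publisher CN>'
```

The returned object can be logged with the change ticket so the audit trail records which signer and hash were approved.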
Relevance
The CVE-2025-64740 vulnerability affects the widely used Zoom VDI software and gives attackers the ability to gain SYSTEM-level control over a Windows device. If exploited, it can cause significant damage to an organization, yet it is relatively simple to mitigate. This vulnerability is a good example of the value of using proper controls at an organizational level to protect against inauthentic updates.
References
[1] Baran, G. (2025, November 11). Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data. Cyber Security News. https://cybersecuritynews.com/zoom-security-vulnerabilities/
[2] Divya. (2025, November 11). Zoom Workplace for Windows Flaw Allows Local Privilege Escalation. GbHackers. https://gbhackers.com/zoom-workplace-for-windows-flaw/
[3] Feedly. (2025, November 10). CVE-2025-64740. Feedly. https://feedly.com/cve/CVE-2025-64740
[4] Priya, A. (2025, November 11). Zoom Workplace for Windows Vulnerability Allows Users to Escalate Privileges. Cyber Press. https://cyberpress.org/zoom-workplace-for-windows-vulnerability/
[5] Underhill, K. (2025, November 11). Critical Zoom Vulnerability Exposes Windows Users to Attacks. eSecurity Planet. https://www.esecurityplanet.com/threats/critical-zoom-vulnerability-exposes-windows-users-to-attacks/
[6] Zoom. (2025, October 13). Getting started with VDI. Zoom Support. https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060160