These vulnerabilities could allow attackers to escalate privileges and access sensitive information through local access mechanisms.
The company has advised all affected users to update immediately to version 6.6.0 or later to mitigate these security risks.
The vulnerabilities affect Zoom Rooms installations on both operating systems, with the Windows vulnerability rated higher in severity.
Anonymous security researchers discovered both issues, which have been assigned distinct CVE identifiers.
Zoom has released patches and guidance to help users protect their systems against potential exploitation.
The macOS vulnerability focuses on improper file name and path control, while the Windows issue stems from a failure in the software downgrade protection mechanism.
These distinct technical issues represent different attack vectors but pose similar risks to organizational security.
Organizations using Zoom Rooms for video conferencing and collaboration should prioritize deploying the latest patches to their installations.
Security teams are urged to review their current Zoom Rooms deployments and verify that all systems are updated to version 6.6.0 or later.
The vulnerabilities require local access to exploit, which reduces the immediate attack surface but still presents significant risk for compromised endpoints or insider threats.
Organizations should integrate software updates with robust access control policies and endpoint monitoring to maintain a comprehensive security posture.
| Vulnerability | Bulletin | CVE ID | Severity | CVSS Score | Vector | Affected Product |
|---|---|---|---|---|---|---|
| External Control of File Name or Path | ZSB-25051 | CVE-2025-67461 | Medium | 5.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | Zoom Rooms for macOS < 6.6.0 |
| Software Downgrade Protection Mechanism Failure | ZSB-25050 | CVE-2025-67460 | High | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Zoom Rooms for Windows < 6.6.0 |
The macOS vulnerability (CVE-2025-67461) involves improper external control over file names or paths in Zoom Rooms versions before 6.6.0.
An authenticated user with local access and user interaction could exploit this weakness to disclose sensitive information on the system.
The medium severity rating indicates that legitimate user credentials and additional user interaction are required to trigger the vulnerability.
The Windows vulnerability (CVE-2025-67460) poses a higher risk, with a severity score of 7.8. This issue stems from a flaw in the software downgrade protection mechanism, which could allow unauthenticated local users to escalate privileges without requiring additional user interaction.
This could enable attackers to gain elevated system permissions and execute arbitrary commands.
The post Zoom Rooms for Windows & macOS Exposed to Privilege Escalation and Data Disclosure Flaws appeared first on Cyber Security News.