These vulnerabilities could allow attackers with local access to escalate privileges and access sensitive information.
The company has advised all affected users to update immediately to version 6.6.0 or later to mitigate these security risks.
The vulnerabilities affect Zoom Rooms installations on both operating systems, with the Windows vulnerability rated higher in severity.
Anonymous security researchers discovered both issues, which have been assigned distinct CVE identifiers.
Zoom has released patches and guidance to help users protect their systems against potential exploitation.
The macOS vulnerability focuses on improper file name and path control, while the Windows issue stems from a failure in the software downgrade protection mechanism.
These distinct technical issues represent different attack vectors but pose similar risks to organizational security.
Organizations using Zoom Rooms for video conferencing and collaboration should prioritize deploying the latest patches to their installations.
Security teams are urged to review their current Zoom Rooms deployments and verify that all systems are updated to version 6.6.0 or later.
The vulnerabilities require local access to exploit, which reduces the immediate attack surface but still presents significant risk for compromised endpoints or insider threats.
Organizations should integrate software updates with robust access control policies and endpoint monitoring to maintain a comprehensive security posture.
| Vulnerability | Bulletin | CVE ID | Severity | CVSS Score | Vector | Affected Product |
|---|---|---|---|---|---|---|
| External Control of File Name or Path | ZSB-25051 | CVE-2025-67461 | Medium | 5.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | Zoom Rooms for macOS < 6.6.0 |
| Software Downgrade Protection Mechanism Failure | ZSB-25050 | CVE-2025-67460 | High | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Zoom Rooms for Windows < 6.6.0 |
The macOS vulnerability (CVE-2025-67461) involves improper external control over file names or paths in Zoom Rooms versions before 6.6.0.
An authenticated user with local access and user interaction could exploit this weakness to disclose sensitive information on the system.
The medium severity rating indicates that legitimate user credentials and additional user interaction are required to trigger the vulnerability.
The Windows vulnerability (CVE-2025-67460) poses a higher risk, with a severity score of 7.8. This issue stems from a flaw in the software downgrade protection mechanism, which could allow unauthenticated local users to escalate privileges without requiring additional user interaction.
This could enable attackers to gain elevated system permissions and execute arbitrary commands.
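To act on the verification guidance above, here is an added example (not Zoom's code or the article's) that checks a constructed Zoom Rooms inventory against the 6.6.0 cut-off and the bulletin table, using numeric version comparison so that a 6.10.x build is not misread as older than 6.6.0; hostnames and versions are hypothetical.

```python
import re

FIXED_VERSION = (6, 6, 0)   # first version that carries the fixes

# Per-platform rows from the bulletin table above.
ADVISORIES = {
    "macos":   {"cve": "CVE-2025-67461", "bulletin": "ZSB-25051", "severity": "Medium", "cvss": 5.0},
    "windows": {"cve": "CVE-2025-67460", "bulletin": "ZSB-25050", "severity": "High",   "cvss": 7.8},
}

def parse_version(text):
    """Turn '6.5.2 (1234)' or '6.10.0' into a tuple of ints for comparison.

    A plain string compare would rank '6.10.0' below '6.6.0'; integer
    tuples compare component by component. Only major.minor.patch matter
    for the 6.6.0 cut-off, so trailing build numbers are ignored."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 3:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts[:3])

def is_affected(platform, version):
    """True if this platform/version pair is still exposed per the advisory."""
    if platform.lower() not in ADVISORIES:
        return False            # the bulletins cover only Windows and macOS
    return parse_version(version) < FIXED_VERSION

def triage(inventory):
    """List hosts that still need 6.6.0, highest CVSS first."""
    findings = []
    for host in inventory:
        if is_affected(host["platform"], host["version"]):
            adv = ADVISORIES[host["platform"].lower()]
            findings.append({"host": host["host"], "version": host["version"], **adv})
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)

# Constructed sample inventory; hostnames and versions are hypothetical.
SAMPLE_INVENTORY = [
    {"host": "room-101", "platform": "Windows", "version": "6.5.2 (1234)"},
    {"host": "room-102", "platform": "macOS",   "version": "6.6.0"},
    {"host": "room-103", "platform": "macOS",   "version": "6.4.9"},
    {"host": "room-104", "platform": "Windows", "version": "6.10.1"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']:<9} {f['version']:<13} {f['cve']} {f['bulletin']} {f['severity']} {f['cvss']}")
```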
The post Zoom Rooms for Windows & macOS Exposed to Privilege Escalation and Data Disclosure Flaws appeared first on Cyber Security News.