Cyber Posture

CVE-2025-0145

Medium · LPE

Published: 30 January 2025

Modified: 20 August 2025
KEV Added
Patch
CVSS Score: 4.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L)
EPSS Score: 0.0009 (25.0th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0145 is a medium-severity Untrusted Search Path (CWE-426) vulnerability in Zoom Workplace Virtual Desktop Infrastructure. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The CVE ranks at the 25.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-11 (User-installed Software).

Threat & Defense at a Glance

What attackers do: exploitation maps to Path Interception by Search Order Hijacking (T1574.008) and 1 other technique.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the untrusted search path vulnerability in the Zoom Workplace installer by applying vendor patches as specified in Zoom's security bulletin.

prevent

Establishes and enforces organizational policies governing user-installed software, restricting execution of the vulnerable Zoom installer that requires user interaction for exploitation.

prevent · detect

Verifies the integrity of software and firmware components loaded during installer execution, mitigating untrusted search path exploitation by detecting tampered or unauthorized binaries.

MITRE ATT&CK Enterprise Techniques · AI

T1574.008 Path Interception by Search Order Hijacking · Stealth
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Untrusted search path in Windows installer directly enables search order hijacking for local privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Deeper analysis · AI

CVE-2025-0145 is an untrusted search path vulnerability (CWE-426) affecting the installer for some Zoom Workplace Apps for Windows. Published on 2025-01-30, it carries a CVSS v3.1 base score of 4.6 (AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L). The issue enables an authorized user with local access to potentially escalate privileges by exploiting the untrusted search path during installer execution.

Exploitation requires local access, low privileges, low attack complexity, and user interaction. A malicious actor meeting these conditions could leverage the vulnerability to achieve privilege escalation, resulting in low impacts to integrity and availability within a changed scope, but no confidentiality impact.

Zoom's security bulletin ZSB-25004 at https://www.zoom.com/en/trust/security-bulletin/zsb-25004/ provides further details on mitigation and patches.

Details

CWE(s)

Affected Products

zoom | meeting software development kit | ≤ 6.2.5
zoom | rooms | ≤ 6.2.5
zoom | rooms controller | ≤ 6.2.5
zoom | video software development kit | ≤ 6.2.5
zoom | workplace desktop | ≤ 6.2.5
zoom | workplace virtual desktop infrastructure | ≤ 6.0.15 · 6.0.16 — 6.1.13

CVEs Like This One

CVE-2025-49457 · Same product: Zoom Meeting Software Development Kit
CVE-2025-0151 · Same product: Zoom Meeting Software Development Kit
CVE-2025-27440 · Same product: Zoom Meeting Software Development Kit
CVE-2025-27439 · Same product: Zoom Meeting Software Development Kit
CVE-2024-45421 · Same product: Zoom Meeting Software Development Kit
CVE-2025-0147 · Same product: Zoom Meeting Software Development Kit
CVE-2024-45424 · Same product: Zoom Meeting Software Development Kit
CVE-2025-0149 · Same product: Zoom Meeting Software Development Kit
CVE-2024-45418 · Same product: Zoom Meeting Software Development Kit
CVE-2025-62484 · Same product: Zoom Meeting Software Development Kit
