CVE-2025-0145

Medium · LPE

Published: 30 January 2025

Modified: 20 August 2025
CVSS Score v3.1: 4.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L)
EPSS Score: 0.0009 (25.2th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0145 is a medium-severity Untrusted Search Path (CWE-426) vulnerability in Zoom Workplace Virtual Desktop Infrastructure. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The CVE ranks at the 25.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-11 (User-installed Software).

Deeper analysis

CVE-2025-0145 is an untrusted search path vulnerability (CWE-426) affecting the installer for some Zoom Workplace Apps for Windows. Published on 2025-01-30, it carries a CVSS v3.1 base score of 4.6 (AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L). The issue enables an authorized user with local access to potentially escalate privileges by exploiting the untrusted search path during installer execution.

Exploitation requires local access, low privileges, low attack complexity, and user interaction. A malicious actor meeting these conditions could leverage the vulnerability to achieve privilege escalation, resulting in low impacts to integrity and availability within a changed scope, but no confidentiality impact.

Zoom's security bulletin ZSB-25004 at https://www.zoom.com/en/trust/security-bulletin/zsb-25004/ provides further details on mitigation and patches.

Vulnerability details

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1574.008 Path Interception by Search Order Hijacking · Stealth
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Untrusted search path in Windows installer directly enables search order hijacking for local privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-49457 · Same product: Zoom Meeting Software Development Kit
CVE-2024-45421 · Same product: Zoom Meeting Software Development Kit
CVE-2025-27439 · Same product: Zoom Meeting Software Development Kit
CVE-2025-0151 · Same product: Zoom Meeting Software Development Kit
CVE-2025-27440 · Same product: Zoom Meeting Software Development Kit
CVE-2024-45418 · Same product: Zoom Meeting Software Development Kit
CVE-2026-30906 · Same product: Zoom Rooms
CVE-2026-30900 · Same product: Zoom Meeting Software Development Kit
CVE-2025-0147 · Same product: Zoom Meeting Software Development Kit
CVE-2026-30902 · Same product: Zoom Rooms

Affected Assets

zoom meeting software development kit: ≤ 6.2.5
zoom rooms: ≤ 6.2.5
zoom rooms controller: ≤ 6.2.5
zoom video software development kit: ≤ 6.2.5
zoom workplace desktop: ≤ 6.2.5
zoom workplace virtual desktop infrastructure: ≤ 6.0.15 · 6.0.16 — 6.1.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the untrusted search path vulnerability in the Zoom Workplace installer by applying vendor patches as specified in Zoom's security bulletin.

prevent

Establishes and enforces organizational policies governing user-installed software, restricting execution of the vulnerable Zoom installer that requires user interaction for exploitation.

prevent · detect

Verifies the integrity of software and firmware components loaded during installer execution, mitigating untrusted search path exploitation by detecting tampered or unauthorized binaries.
