Description
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
- Attack Vector
- local
- Complexity
- high
- Privileges
- low
- User Action
- required
- Scope
- changed
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-347
Metadata
- Primary Vendor
- ZOOM
- Published
- 11/13/2025
- Last Modified
- 1/13/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
zoom : workplace_virtual_desktop_infrastructurezoom : workplace_virtual_desktop_infrastructure
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.