CVE-2025-64740: 
Zoom VDI Client vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2025-64740) was discovered in the Zoom Workplace VDI Client for Windows, involving improper verification of cryptographic signatures. The vulnerability was reported by Mandiant and disclosed on November 11, 2025, affecting Zoom Workplace VDI Client for Windows versions prior to 6.3.14, 6.4.12, and 6.5.10 in their respective tracks (Zoom Bulletin, Cybersecurity News).

The vulnerability stems from improper verification of cryptographic signatures in the Zoom Workplace VDI Client installer. It has been assigned a CVSS score of 7.5 with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating high severity. The technical assessment shows that the vulnerability requires local access and user interaction for exploitation (GBHackers, Zoom Bulletin).

If exploited, this vulnerability could allow an authenticated user with local access to escalate their privileges on affected systems. The potential impact includes unauthorized privilege elevation, enabling attackers to execute arbitrary code with elevated permissions, access restricted files, or compromise system integrity (GBHackers).

Zoom has released patches to address this vulnerability. Users are advised to update to versions 6.3.14, 6.4.12, or 6.5.10 or later in their respective tracks. The updates are available through the official Zoom download center at https://zoom.us/download (Zoom Bulletin).