Threat Advisory

Zoom Rooms for Windows and macOS Vulnerabilities Give Local Users Unauthorized File Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

A pair of serious vulnerabilities have been discovered in Zoom Rooms on Windows and macOS, affecting all installations prior to version. On Windows, a flaw in the downgrade-protection mechanism can be abused by a local user to escalate privileges, potentially granting system-level control over the machine. On macOS, a separate vulnerability allows an authenticated local user to influence file-name or path handling, enabling disclosure of sensitive data. In environments such as shared conference rooms or corporate devices, where multiple users may have local access, these vulnerabilities pose a risk of unauthorized access, data leakage, or insider compromise. Anyone using Zoom Rooms should immediately update to the patched version, audit access controls, enforce least-privilege policies, and monitor for unusual file operations or downgrade attempts.

  • CVE-2025-67460: A vulnerability in Zoom Rooms for Windows prior to version. It allows a local user to bypass the downgrade-protection mechanism. Exploiting this can lead to privilege escalation to SYSTEM-level access, putting multi-user or shared devices at risk of full system compromise. The vulnerability has a CVSS score of 7.8.
  • CVE-2025-67461: A vulnerability in Zoom Rooms for macOS before version 6.6.0. A local user with access can exploit improper handling of file operations within the application. This flaw can enable unauthorized access to files that Zoom Rooms interacts with. The risk applies to shared or multi-user macOS devices. The vulnerability has a CVSS score of 5.0.

 

RECOMMENDATION:

  • We strongly recommend you update Zoom Rooms to version 6.6.11 on Windows and macOS.
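The following is an added example for checking a fleet inventory against the patched release named above; it is not code from the advisory or from Zoom. It assumes an inventory that already records the installed Zoom Rooms version per host (gathered by whatever endpoint-management tooling is in use); the host list below is constructed for illustration and no hosts are queried.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Patched release stated in the advisory for both Windows and macOS.
FIXED_VERSION = "6.6.11"


class Host(NamedTuple):
    hostname: str
    os_name: str
    # None means the inventory has no Zoom Rooms version for this host
    # (not installed, or the agent did not report it).
    zoom_rooms_version: Optional[str]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.6.11' or '6.6.11.2030' into a tuple of ints.

    Parsing stops at the first component with no leading digits, so a
    suffix such as '6.6.11-beta' compares as 6.6.11.
    """
    parts = []
    for component in version.strip().split("."):
        match = re.match(r"\d+", component)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def needs_update(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fix.

    Both tuples are padded with zeros so that '6.6' and '6.6.0' compare
    equal rather than '6.6' sorting as older.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(hosts: List[Host]) -> Tuple[List[str], List[str]]:
    """Return (hosts that must be updated, hosts with unknown version).

    Hosts with no recorded version are reported separately rather than
    silently treated as patched.
    """
    outdated, unknown = [], []
    for host in hosts:
        if host.zoom_rooms_version is None:
            unknown.append(host.hostname)
        elif needs_update(host.zoom_rooms_version):
            outdated.append(host.hostname)
    return outdated, unknown


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    Host("room-a-pc", "Windows", "6.5.0"),
    Host("room-b-mac", "macOS", "6.6.11"),
    Host("room-c-mac", "macOS", "6.6.0"),
    Host("room-d-pc", "Windows", None),
    Host("room-e-pc", "Windows", "6.6.11.2030"),
]

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE_INVENTORY)
    print("Must update to", FIXED_VERSION, ":", outdated)
    print("Version not reported:", unknown)
```

Hosts in the "unknown" list deserve a manual check: a missing version is more often a reporting gap than evidence that Zoom Rooms is absent, and a shared conference-room device is exactly where an unnoticed old install would matter.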

 

REFERENCES:

The following reports contain further technical details:
