CVE-2025-30664 is a medium-severity cross-site scripting (XSS) vulnerability identified in Zoom Communications, Inc's Zoom Workplace Apps. The root cause is improper neutralization of input during web page generation (CWE-79), which allows an authenticated user to inject malicious scripts. This vulnerability enables an escalation of privilege through local access, meaning the attacker must already have some level of authenticated access to the application and then leverage the XSS flaw to increase their privileges. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N) indicates that the attack requires local access (AV:L), low attack complexity (AC:L), privileges (PR:L), and user interaction (UI:R). The scope is unchanged (S:U), and the impact is high on confidentiality and integrity but no impact on availability. No public exploits are known yet, and no patches have been linked at the time of publication. This vulnerability is significant because Zoom Workplace Apps are widely used for enterprise collaboration, and XSS can lead to session hijacking, data theft, or unauthorized actions within the app. The vulnerability emphasizes the need for proper input validation and output encoding in web applications, especially those handling sensitive communications and data.

The vulnerability could allow an authenticated user to escalate privileges within Zoom Workplace Apps, potentially leading to unauthorized access to sensitive information, manipulation of data, or execution of unauthorized actions. This compromises confidentiality and integrity of enterprise communications and data managed through Zoom Workplace Apps. While availability is not impacted, the breach of confidentiality and integrity can lead to significant operational and reputational damage. Organizations relying heavily on Zoom for internal collaboration and communication may face increased risk of insider threats or lateral movement by attackers who gain initial access. The lack of known exploits reduces immediate risk, but the widespread use of Zoom Workplace Apps globally means the potential impact is broad. Attackers exploiting this vulnerability could bypass some security controls, making it easier to conduct further attacks or data exfiltration.

Organizations should monitor Zoom Communications’ official channels for patches addressing CVE-2025-30664 and apply updates promptly once available. In the interim, restrict local access to Zoom Workplace Apps to trusted users only and enforce strict authentication and authorization policies. Implement additional input validation and output encoding controls at the application layer if possible, to reduce the risk of XSS exploitation. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the app environment. Conduct regular security assessments and code reviews focusing on input handling and sanitization in custom integrations or plugins related to Zoom Workplace Apps. Educate users about the risks of interacting with suspicious content even within authenticated sessions. Network segmentation and monitoring for anomalous behavior related to privilege escalation attempts can also help detect exploitation attempts early.