CVE-2025-49459: CWE-862 Missing Authorization in Zoom Communications, Inc Zoom Workplace for Windows on ARM
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.
AI Analysis
Technical Summary
CVE-2025-49459 is a high-severity vulnerability identified in Zoom Communications, Inc's Zoom Workplace application specifically for Windows on ARM platforms. The vulnerability stems from a missing authorization check in the installer component of Zoom Workplace versions prior to 6.5.0. This flaw allows an authenticated local user—meaning someone with legitimate access to the system but with limited privileges—to escalate their privileges on the affected machine. The vulnerability is categorized under CWE-862, which refers to missing authorization, indicating that the installer does not properly verify whether the user has the necessary permissions to perform certain privileged actions during installation or update processes. The CVSS v3.1 base score of 7.8 reflects a high impact, with the vector indicating that the attack requires local access (AV:L), low attack complexity (AC:L), privileges required are low (PR:L), no user interaction is needed (UI:N), and the scope is unchanged (S:U). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), meaning an attacker could gain full control over the system, potentially accessing sensitive data, modifying application or system files, and disrupting service availability. No known exploits are currently reported in the wild, and no patch links are provided yet, suggesting that mitigation may require vendor updates or workarounds. This vulnerability is particularly relevant for organizations deploying Zoom Workplace on Windows ARM devices, which are increasingly common in mobile and lightweight computing environments.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for enterprises and public sector entities that rely on Zoom Workplace for internal communications and collaboration on Windows ARM devices. Successful exploitation could allow a malicious insider or compromised user account to gain administrative privileges, leading to unauthorized access to sensitive corporate communications, intellectual property, or personal data protected under GDPR. The high impact on confidentiality, integrity, and availability means attackers could manipulate meeting data, intercept or alter communications, or disrupt business operations. Given the increasing adoption of ARM-based Windows devices in Europe for their power efficiency and portability, this vulnerability could affect a broad range of sectors including finance, healthcare, government, and education. The lack of user interaction requirement and low complexity of exploitation further increase the threat level, as attackers with minimal privileges could leverage this flaw without needing to trick users or perform complex attacks. This could also facilitate lateral movement within networks, escalating the risk of broader compromise.
Mitigation Recommendations
European organizations should prioritize the following specific mitigation steps:
1) Immediately inventory all Windows ARM devices running Zoom Workplace and identify versions prior to 6.5.0.
2) Coordinate with Zoom Communications to obtain and deploy the official patch or update as soon as it becomes available.
3) Until patches are available, restrict local user permissions to the minimum necessary, especially limiting installer execution rights to trusted administrators only.
4) Implement application whitelisting to prevent unauthorized execution of installers or scripts that could exploit this vulnerability.
5) Monitor local privilege escalation attempts through endpoint detection and response (EDR) tools focusing on installer-related activities.
6) Enforce strict access controls and audit logs on devices to detect suspicious privilege escalations.
7) Educate IT staff and users about the risk of local privilege escalation and the importance of reporting unusual system behavior.
8) Consider network segmentation to isolate ARM-based devices running Zoom Workplace from critical systems to limit potential lateral movement.
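An added example (not part of the advisory or any Zoom tooling) for the inventory step: triaging an exported software inventory for Windows ARM devices with Zoom Workplace below 6.5.0. The CSV column names and sample rows are constructed assumptions; versions are compared numerically so that 6.10.x is not mistaken for older than 6.5.0.

```python
import csv
import io
import re

FIXED_VERSION = (6, 5, 0)  # from the advisory: versions before 6.5.0 are affected

# Constructed sample export; column names are assumptions, not a real tool's schema.
SAMPLE_INVENTORY = """\
hostname,os_arch,product,version
lt-arm-001,ARM64,Zoom Workplace,6.4.12 (4567)
lt-arm-002,arm64,Zoom Workplace,6.5.0
lt-arm-003,ARM64,Zoom Workplace,6.10.1
lt-x64-004,AMD64,Zoom Workplace,6.3.0
lt-arm-005,ARM64,Zoom Workplace,unknown
lt-arm-006,ARM64,7-Zip,24.08
"""

def parse_version(text):
    """Return the leading dotted number as an int tuple, or None if absent."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "6.5" to (6, 5, 0)
    return tuple(parts)

def triage(inventory_csv):
    """Split ARM64 Zoom Workplace rows into affected and needs-manual-check."""
    affected, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["os_arch"].strip().lower() != "arm64":
            continue  # the advisory covers Windows on ARM only
        if not row["product"].strip().lower().startswith("zoom workplace"):
            continue
        ver = parse_version(row["version"])
        if ver is None:
            unknown.append(row["hostname"])  # do not silently treat as patched
        elif ver < FIXED_VERSION:
            affected.append((row["hostname"], row["version"]))
    return affected, unknown

if __name__ == "__main__":
    affected, unknown = triage(SAMPLE_INVENTORY)
    for host, ver in affected:
        print(f"AFFECTED  {host}  {ver}")
    for host in unknown:
        print(f"CHECK     {host}  version not parseable")
```

Hosts whose version string cannot be parsed are reported separately so they get a manual check instead of being counted as patched.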
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Zoom
- Date Reserved: 2025-06-04T22:48:18.920Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68c09d9f9ed239a66bacf8e1
Added to database: 9/9/2025, 9:35:27 PM
Last enriched: 9/17/2025, 12:50:38 AM
Last updated: 10/29/2025, 9:39:36 AM