
CVE-2025-49459: CWE-862 Missing Authorization in Zoom Communications, Inc Zoom Workplace for Windows on ARM

Severity: High
Tags: vulnerability, cve-2025-49459, cwe-862
Published: Tue Sep 09 2025 (09/09/2025, 21:29:33 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications, Inc
Product: Zoom Workplace for Windows on ARM

Description

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.

AI-Powered Analysis

Last updated: 09/09/2025, 21:50:23 UTC

Technical Analysis

CVE-2025-49459 is a high-severity vulnerability in Zoom Workplace for Windows on ARM, affecting versions prior to 6.5.0. It is classified as CWE-862 (Missing Authorization): the installer component performs a privileged operation without verifying that the calling user is entitled to request it, so an authenticated local user with limited rights can use the installer to escalate privileges. Installers routinely run with elevated rights in order to write to protected locations, which is why an authorization gap in one becomes a privilege-escalation primitive; the advisory does not describe the specific operation or how it is reached. Exploitation requires local access and an existing account on the system, but no interaction from any other user. The CVSS v3.1 base score is 7.8, which matches the characteristics the advisory gives: local attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity and availability. In practice that means an attacker could gain code execution at a higher privilege level, modify system configuration, or read data their account could not otherwise access. No exploitation in the wild has been reported. Although no patch reference is attached to the CVE record, the description itself identifies 6.5.0 as the first non-vulnerable version, so upgrading to 6.5.0 or later is the remediation and ARM endpoints should be monitored until it is applied.

Potential Impact

For European organizations, this vulnerability poses a significant risk wherever Zoom Workplace for Windows on ARM is deployed. The escalation of privilege could allow malicious insiders or attackers holding a compromised user account to gain administrative control over an endpoint, leading to data breaches, unauthorized access to corporate communications, and disruption of business operations. Administrative control of an endpoint in turn exposes cached credentials and tokens, so a local escalation of this kind is a common stepping stone to lateral movement and broader compromise. The impact is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and government institutions in Europe, where unauthorized access could lead to violations of GDPR and other regulatory frameworks. Organizations that have adopted ARM-based Windows devices, which are increasingly common in mobile and lightweight computing scenarios, are exposed until those devices are updated to 6.5.0 or later.

Mitigation Recommendations

European organizations should implement the following specific mitigation strategies:
1) Immediately inventory all Windows on ARM devices running Zoom Workplace and record the installed version, so that exposure (any version below 6.5.0) can be measured rather than assumed.
2) Minimize the number of accounts with interactive local access to those devices, and keep standard users out of local administrator groups, so that an attacker who obtains a foothold starts from the lowest possible privilege.
3) Control the execution of installers with application control (for example, allow-listing of installer binaries by publisher and path) or endpoint protection, so that a standard user cannot freely launch installer components.
4) Update Zoom Workplace to version 6.5.0 or later, the first version the advisory identifies as fixed, prioritizing ARM-based Windows devices.
5) Enable process-creation auditing with command-line logging and alert on installer executions and privilege-escalation events, so that an attempt to abuse the installer is visible early.
6) Brief IT and security teams on this specific vulnerability so that patch management and response are rapid.
7) Apply network segmentation and least-privilege principles to limit the impact of any compromised endpoint.
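The following PowerShell script is an added example that is not part of the advisory and not Zoom's code. It implements steps 1, 4 and 5 of the list above on a single host: it enumerates Zoom entries in the per-machine and per-user uninstall registry keys, checks whether the host is ARM64 and the installed version is below 6.5.0, and then searches Security event 4688 (process creation) for launches of Zoom installer binaries, reporting the user and token elevation so that an installer run by a non-elevated standard user stands out. Assumptions, labelled in comments: Zoom's uninstall DisplayName begins with "Zoom", installer binaries are named like ZoomInstaller*.exe, and "Audit Process Creation" with command-line logging is enabled on the host. Run it from an elevated PowerShell session (reading the Security log requires it) and feed the objects it returns into whatever inventory or SIEM pipeline you use.

```powershell
# Added example (not from the advisory or from Zoom): triage one Windows host for
# CVE-2025-49459 exposure and surface installer launches in the Security log.
# Assumptions: Zoom's uninstall DisplayName starts with "Zoom"; installer binaries
# match 'Zoom.*Install.*\.exe'; Security event 4688 with command-line logging is on.

function ConvertTo-Version4 {
    # Zoom's DisplayVersion can carry a build suffix; keep the leading dotted
    # numeric part and pad to four components so 6.5 and 6.5.0 compare equal.
    param([string]$Text)
    if ($Text -notmatch '^\d+(\.\d+){0,3}') { return $null }
    $parts = $Matches[0].Split('.') + @('0', '0', '0', '0')
    return [version]($parts[0..3] -join '.')
}

$FixedVersion = ConvertTo-Version4 '6.5.0'   # first non-vulnerable version per the advisory

function Get-ZoomWorkplaceInstalls {
    # Zoom installs either per-machine (HKLM) or per-user (HKCU); check both.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Zoom*' } |      # assumed naming
        ForEach-Object {
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Version     = $_.DisplayVersion
                Scope       = if ($_.PSDrive.Name -eq 'HKCU') { 'User' } else { 'Machine' }
                Location    = $_.InstallLocation
            }
        }
}

function Test-CVE202549459Exposure {
    # Only Windows on ARM builds before 6.5.0 are in scope for this CVE.
    $isArm64 = ($env:PROCESSOR_ARCHITECTURE -eq 'ARM64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'ARM64')
    foreach ($app in Get-ZoomWorkplaceInstalls) {
        $parsed = ConvertTo-Version4 $app.Version
        $vulnerable = $isArm64 -and ($null -ne $parsed) -and ($parsed -lt $FixedVersion)
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            IsArm64      = $isArm64
            DisplayName  = $app.DisplayName
            Scope        = $app.Scope
            Version      = $app.Version
            Vulnerable   = $vulnerable
            Action       = if ($vulnerable) { "Update to $FixedVersion or later" }
                           elseif ($null -eq $parsed) { 'Version unparseable; verify manually' }
                           else { 'No action for CVE-2025-49459' }
        }
    }
}

function Find-ZoomInstallerLaunches {
    # Security 4688 = process creation. Fields are read by name from the event XML
    # so the code does not depend on positional Properties indexes.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }
        if (($d.NewProcessName -match 'Zoom.*Install.*\.exe$') -or ($d.CommandLine -match 'Zoom.*Install')) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Process     = $d.NewProcessName
                CommandLine = $d.CommandLine
                Parent      = $d.ParentProcessName
                # %%1936 = full token, %%1937 = elevated, %%1938 = limited (non-admin).
                # A limited-token launch of the installer is the case step 5 asks you to notice.
                Elevation   = $d.TokenElevationType
            }
        }
    }
}

Test-CVE202549459Exposure   | Format-Table -AutoSize
Find-ZoomInstallerLaunches -Hours 72 | Format-Table -AutoSize
```

The version check pads to four components because System.Version treats an absent component as -1, which would otherwise make a registry value of "6.5" compare below "6.5.0" and produce a false positive. The event search keys on installer file names rather than on a Zoom-specific event because the advisory gives no indicator more specific than "the installer"; if you have Sysmon deployed, the same filter applies to Sysmon event 1 with the Image and CommandLine fields.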


Technical Details

Data Version: 5.1
Assigner Short Name: Zoom
Date Reserved: 2025-06-04T22:48:18.920Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c09d9f9ed239a66bacf8e1

Added to database: 9/9/2025, 9:35:27 PM

Last enriched: 9/9/2025, 9:50:23 PM

Last updated: 9/10/2025, 4:07:21 AM
