
CVE-2025-49459: CWE-862 Missing Authorization in Zoom Communications, Inc Zoom Workplace for Windows on ARM

High
Published: Tue Sep 09 2025 (09/09/2025, 21:29:33 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications, Inc
Product: Zoom Workplace for Windows on ARM

Description

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 02:56:36 UTC

Technical Analysis

CVE-2025-49459 is a vulnerability classified under CWE-862 (Missing Authorization) found in Zoom Communications, Inc's Zoom Workplace application for Windows on ARM platforms. The flaw exists in the installer component before version 6.5.0, where insufficient authorization checks allow an authenticated user with local access to escalate their privileges. Specifically, the installer fails to verify whether the user has the appropriate permissions to perform privileged operations during installation or update processes. This missing authorization can be exploited by a local attacker who already has some level of access to the system, enabling them to gain higher privileges, potentially up to SYSTEM or administrator level. The vulnerability has a CVSS 3.1 base score of 7.8, reflecting its high impact on confidentiality, integrity, and availability, combined with relatively low attack complexity and no requirement for user interaction. Although no exploits have been reported in the wild yet, the vulnerability poses a significant risk in multi-user environments or where local access controls are weak. The ARM architecture focus indicates that this affects devices running Windows on ARM processors, which are increasingly common in enterprise and mobile computing contexts. The lack of patch links suggests that a fix is forthcoming but not yet publicly available at the time of this report.

Potential Impact

The vulnerability allows an authenticated local user to escalate privileges, potentially gaining administrative or SYSTEM-level control over affected devices. This can lead to full compromise of the system, including unauthorized access to sensitive data, modification or deletion of critical files, installation of persistent malware, and disruption of services. Organizations relying on Zoom Workplace for Windows on ARM may face increased risk of insider threats or lateral movement by attackers who gain initial footholds with limited privileges. The impact extends to confidentiality, integrity, and availability of systems and data. Given the growing adoption of Windows on ARM devices in enterprise environments, especially for remote work and collaboration, this vulnerability could facilitate sophisticated attacks targeting corporate networks. The absence of known exploits in the wild currently limits immediate risk but does not diminish the urgency for mitigation, as threat actors may develop exploits rapidly once details are public.

Mitigation Recommendations

Organizations should monitor Zoom Communications' official channels for the release of version 6.5.0 or later that addresses this vulnerability and apply updates promptly. Until patches are available, restrict local user permissions to the minimum necessary, avoiding granting installation or administrative rights to untrusted users. Employ application whitelisting and endpoint protection solutions to detect and prevent unauthorized privilege escalation attempts. Conduct regular audits of local user accounts and installed software to identify potential misuse. Consider isolating ARM-based Windows devices running Zoom Workplace in segmented network zones to limit lateral movement in case of compromise. Additionally, implement robust logging and monitoring to detect suspicious installer activity or privilege escalation attempts. Educate users about the risks of local privilege escalation and enforce strict physical and logical access controls to prevent unauthorized local access.


Technical Details

Data Version: 5.1
Assigner Short Name: Zoom
Date Reserved: 2025-06-04T22:48:18.920Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c09d9f9ed239a66bacf8e1

Added to database: 9/9/2025, 9:35:27 PM

Last enriched: 2/27/2026, 2:56:36 AM

Last updated: 3/22/2026, 5:36:46 PM
