CVE-2025-54983 identifies a resource management vulnerability (CWE-772) in the Zscaler Client Connector (ZCC) for Windows, specifically in versions 4.6 prior to 4.6.0.216 and 4.7 prior to 4.7.0.47. The issue involves a health check port that, under certain conditions, remains open and is not released after its effective lifetime. This residual open port can be exploited to bypass the forwarding controls implemented by ZCC, which are designed to enforce secure routing and filtering of network traffic. The vulnerability stems from the failure to properly release system resources, leading to unintended exposure of a communication channel. The CVSS 3.1 score of 5.2 reflects a medium severity, with an attack vector requiring local access (AV:L), low complexity (AC:L), and low privileges (PR:L), but no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. Confidentiality and integrity impacts are rated low, while availability is unaffected. No public exploits have been reported, indicating the vulnerability is not yet actively exploited. However, the potential for attackers to circumvent ZCC’s security controls could allow unauthorized data flows or evasion of security policies, undermining the zero trust posture of affected organizations. The vulnerability is particularly relevant for enterprises using Zscaler’s cloud security platform to secure remote and on-premises endpoints, as it may weaken the enforcement of network segmentation and traffic inspection.

For European organizations, the vulnerability could lead to unauthorized bypass of Zscaler Client Connector’s forwarding controls, potentially exposing sensitive internal traffic to interception or manipulation. This undermines the confidentiality and integrity of data flows, especially in environments relying on Zscaler for zero trust network access and secure web gateway functions. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and government, may face increased risk of data leakage or compliance violations. Although the vulnerability does not impact availability, the ability to circumvent security controls can facilitate lateral movement or data exfiltration by attackers with local access. The limited attack vector requiring local access reduces the risk of remote exploitation but highlights the importance of endpoint security hygiene. The absence of known exploits in the wild suggests a window of opportunity for organizations to patch before active attacks emerge. Failure to address this vulnerability could degrade trust in Zscaler’s security posture and increase exposure to insider threats or malware that gains local foothold.

European organizations should prioritize upgrading Zscaler Client Connector to versions 4.6.0.216 or later and 4.7.0.47 or later as soon as patches are released. Until patches are available, implement strict endpoint access controls to limit local user privileges and prevent unauthorized software execution. Monitor network traffic for anomalous connections or unexpected open ports on endpoints running ZCC. Employ host-based intrusion detection systems (HIDS) to detect suspicious activity related to port usage. Conduct regular audits of endpoint configurations and ensure that security policies enforce least privilege principles. Coordinate with Zscaler support to receive timely updates and advisories. Additionally, reinforce user awareness training to reduce the risk of local compromise. For critical environments, consider network segmentation to isolate endpoints running vulnerable ZCC versions. Finally, integrate vulnerability scanning into endpoint management workflows to detect and remediate outdated ZCC installations proactively.