
CVE-2025-64740: CWE-347 Improper Verification of Cryptographic Signature in Zoom Communications Inc. Zoom Workplace VDI Client

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-64740, cwe-347
Published: Thu Nov 13 2025 (11/13/2025, 14:35:39 UTC)
Source: CVE Database V5
Vendor/Project: Zoom Communications Inc.
Product: Zoom Workplace VDI Client

Description

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

AI-Powered Analysis

Last updated: 11/13/2025, 14:57:27 UTC

Technical Analysis

CVE-2025-64740 is a vulnerability classified under CWE-347 (Improper Verification of Cryptographic Signature) affecting the Zoom Workplace VDI Client for Windows. The issue arises from the installer’s failure to correctly verify cryptographic signatures, which are intended to ensure the authenticity and integrity of the installation package. This improper verification can be exploited by an authenticated local user who has limited privileges to escalate their privileges on the system. The attack vector requires local access and user interaction, as the attacker must execute or manipulate the installer.

The vulnerability impacts confidentiality, integrity, and availability by potentially allowing an attacker to execute arbitrary code with elevated privileges, thereby compromising the entire system. The CVSS v3.1 score of 7.5 reflects high severity, with attack vector Local (AV:L), attack complexity High (AC:H), privileges required Low (PR:L), user interaction Required (UI:R), and scope Changed (S:C). The vulnerability does not currently have known exploits in the wild, but the risk remains significant due to the critical nature of privilege escalation in enterprise environments.

Zoom Workplace VDI Client is used in virtual desktop infrastructure setups, which are common in corporate environments to provide remote desktop access. The improper signature verification undermines the security model of the installer, making it possible for malicious actors with local access to bypass protections and gain higher privileges.

Potential Impact

For European organizations, this vulnerability poses a significant threat to enterprise security, particularly in sectors relying heavily on virtual desktop infrastructure (VDI) such as finance, healthcare, government, and large enterprises. Successful exploitation could lead to unauthorized access to sensitive communications, data leakage, and disruption of business operations. The escalation of privilege could allow attackers to install persistent malware, exfiltrate confidential information, or disrupt availability of critical communication tools. Given the widespread use of Zoom for remote collaboration and the increasing adoption of VDI solutions in Europe, the impact could be broad and severe. Organizations with less stringent local user access controls or delayed patch management processes are especially vulnerable. The vulnerability also raises compliance concerns under GDPR and other data protection regulations due to potential data breaches resulting from privilege escalation.

Mitigation Recommendations

1. Apply official patches from Zoom immediately once available to address the signature verification flaw.
2. Until patches are released, restrict local user permissions to the minimum necessary, preventing unprivileged users from executing or modifying the Zoom Workplace VDI Client installer.
3. Implement application whitelisting and integrity monitoring to detect unauthorized changes to installer files.
4. Enforce strict endpoint security policies, including limiting local administrative rights and using endpoint detection and response (EDR) tools to monitor suspicious installer activity.
5. Conduct regular audits of installed software and verify digital signatures manually if needed.
6. Educate users about the risks of executing untrusted installers and the importance of reporting unusual system behavior.
7. Use network segmentation to isolate VDI environments and reduce the attack surface.
8. Monitor security advisories from Zoom and cybersecurity authorities for updates and exploit reports.
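
Recommendations 2, 3 and 5 can be combined into one pre-deployment check, shown here as an added example that is not part of the advisory or any Zoom tooling: it verifies the installer's Authenticode signature and signer, then flags write access held by non-administrative principals on the file and its folder. The installer path and publisher name are placeholders, and the set of trusted SIDs is an assumption to adjust per environment.

```powershell
param(
    [string]$InstallerPath     = 'C:\Staging\<installer-file>',  # placeholder path
    [string]$ExpectedPublisher = '<expected-publisher-CN>'       # placeholder; read it from a known-good copy
)

# Assumption: only these principals may hold write access.
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller (SIDs avoid localized names).
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

function Test-InstallerTrust {
    param([string]$Path, [string]$Publisher)
    $findings = @()

    # 1. Signature must be valid (hash matches, chain trusted) and come from the expected signer.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status '$($sig.Status)': $($sig.StatusMessage)"
    } elseif ($sig.SignerCertificate.GetNameInfo('SimpleName', $false) -ne $Publisher) {
        $findings += "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # 2. Neither the file nor its folder may be writable by unprivileged principals,
    #    otherwise content can be swapped or planted between verification and execution.
    $mask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    foreach ($target in @($Path, (Split-Path -Parent $Path))) {
        foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.FileSystemRights -band $mask) -eq 0) { continue }
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            if ($TrustedSids -notcontains $sid) {
                $findings += "$target writable by $($ace.IdentityReference) ($($ace.FileSystemRights))"
            }
        }
    }
    return $findings
}

$result = Test-InstallerTrust -Path $InstallerPath -Publisher $ExpectedPublisher
if ($result) { $result | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'OK: signature valid, signer matches, no unprivileged write access.'
```

A passing result only covers the outer file and its location; it does not replace the vendor fix for the installer's own verification logic. ACEs expressed as generic rights (shown by Get-Acl as raw numbers) are not matched by the mask and need manual review.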


Technical Details

Data Version: 5.2
Assigner Short Name: Zoom
Date Reserved: 2025-11-10T19:56:35.266Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6915ee5ff690f81e3c76b56f

Added to database: 11/13/2025, 2:42:39 PM

Last enriched: 11/13/2025, 2:57:27 PM

Last updated: 11/14/2025, 6:08:34 AM
