CVE-2025-67460 is a vulnerability classified under CWE-693 (Protection Mechanism Failure) affecting Zoom Rooms for Windows versions prior to 6.6.0. The core issue arises from a failure to properly enforce protections against software downgrades, which can be exploited by an unauthenticated attacker who has local access to the system. By leveraging this flaw, the attacker can escalate privileges, potentially gaining administrative or SYSTEM-level control over the affected machine. The vulnerability does not require user interaction and has a low attack complexity, but it does require local access with limited privileges. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability. The vulnerability could allow attackers to bypass security controls, install persistent malware, or disrupt Zoom Rooms operations, impacting business continuity and data security. No public exploits or patches were available at the time of publication, emphasizing the need for proactive mitigation. The vulnerability is particularly relevant for organizations relying on Zoom Rooms for critical communications, as compromised systems could lead to broader network infiltration or data leakage. The failure to prevent software downgrade attacks indicates a weakness in the update and version control mechanisms within Zoom Rooms, which attackers can exploit to revert to vulnerable versions or bypass security checks.

For European organizations, this vulnerability poses a significant risk to the security of conference room systems running Zoom Rooms on Windows. Successful exploitation could lead to unauthorized privilege escalation, allowing attackers to manipulate meeting environments, access sensitive communications, or deploy further malware within corporate networks. This could disrupt business operations, compromise confidential information, and damage organizational reputation. Organizations with shared or less strictly controlled local access environments, such as universities, government offices, or large enterprises with many users having physical or remote local access, are particularly vulnerable. The impact extends beyond the affected device, as attackers with escalated privileges could pivot to other network resources. Given the widespread use of Zoom Rooms across Europe for remote collaboration and hybrid work, the vulnerability could affect critical infrastructure and sectors including finance, healthcare, and public administration. The lack of known exploits currently reduces immediate risk, but the potential for rapid weaponization remains high once exploit code becomes available.

1. Upgrade Zoom Rooms for Windows to version 6.6.0 or later as soon as the patch is released by Zoom Communications Inc. 2. Until patches are available, restrict local access to Zoom Rooms devices by enforcing strict physical and logical access controls, including limiting user accounts with local login privileges. 3. Implement application whitelisting and endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation attempts or unauthorized software downgrades. 4. Regularly audit and harden system configurations to minimize attack surface, including disabling unnecessary local accounts and services. 5. Educate IT staff and users about the risks of local privilege escalation and the importance of reporting suspicious activity. 6. Monitor vendor communications for updates and advisories related to this vulnerability. 7. Consider network segmentation for Zoom Rooms devices to limit lateral movement in case of compromise. 8. Employ multi-factor authentication (MFA) for local accounts where possible to reduce risk of unauthorized access.