CVE-2026-30901 is a vulnerability identified in Zoom Rooms for Windows prior to version 6.6.5, specifically when operating in Kiosk Mode. The root cause is improper input validation (CWE-20), which allows an authenticated user with local access and low privileges to escalate their privileges on the host system. Kiosk Mode typically restricts user interaction to a specific application environment, but this flaw undermines those restrictions by permitting unauthorized privilege escalation. The vulnerability has a CVSS 3.1 base score of 7.0, indicating high severity, with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This means the attack requires local access, high attack complexity, low privileges, no user interaction, and affects confidentiality, integrity, and availability significantly. Although no known exploits are currently reported in the wild, the potential impact is severe because an attacker could gain administrative control, leading to full system compromise, data breaches, or disruption of services. The absence of published patches at the time of reporting necessitates immediate attention to alternative mitigation strategies. Zoom Rooms is widely used in enterprise and educational environments for video conferencing and collaboration, often deployed in controlled kiosk setups, making this vulnerability particularly concerning for organizations relying on these configurations.

The vulnerability allows an authenticated local user to escalate privileges, potentially gaining administrative control over the affected Windows system running Zoom Rooms in Kiosk Mode. This can lead to unauthorized access to sensitive data, modification or deletion of critical files, installation of persistent malware, and disruption of Zoom Rooms services or other system functions. Organizations using Zoom Rooms in sensitive environments such as corporate boardrooms, educational institutions, healthcare, or government facilities face increased risks of insider threats or lateral movement by attackers who gain initial access. The compromise of Kiosk Mode undermines the security model intended to restrict user actions, increasing the attack surface. Given the high confidentiality, integrity, and availability impact, exploitation could result in significant operational disruption, data loss, and reputational damage.

1. Upgrade Zoom Rooms for Windows to version 6.6.5 or later as soon as the patch becomes available to address this vulnerability directly. 2. Until a patch is released, restrict local access to systems running Zoom Rooms in Kiosk Mode to trusted personnel only and enforce strict physical security controls. 3. Implement application whitelisting and endpoint detection and response (EDR) solutions to monitor for suspicious privilege escalation attempts. 4. Harden Windows host configurations by applying the principle of least privilege, disabling unnecessary local accounts, and enforcing strong authentication mechanisms. 5. Regularly audit and monitor logs for unusual activities related to Zoom Rooms processes or privilege escalations. 6. Consider isolating Zoom Rooms devices on segmented networks to limit lateral movement if compromise occurs. 7. Educate IT staff and users about the risks of local access exploitation and the importance of reporting anomalies promptly.