External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HZoom Workplace Desktop
APPZoom< 6.6.0Zoom Workplace Virtual Desktop Infrastructure
APPZoom6.4.0 – 6.4.17 (bez)6.5.0 – 6.5.15 (bez)6.6.0 – 6.6.10 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2025-49457CRITICAL9.6PL ✓ten sam produkt
Untrusted search path w klientach Zoom dla Windows — privilege escalation przez sieć
CVE-2026-30905HIGH7.8ten sam produkt
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before vers...
CVE-2026-30900HIGH7.8ten sam produkt
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an aut...
CVE-2026-30902HIGH7.8ten sam produkt
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct a...
CVE-2025-64740HIGH7.5ten sam produkt
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows ma...