CVE-2025-30663

8.8 HIGH

📋 TL;DR

A time-of-check time-of-use (TOCTOU) race condition vulnerability in Zoom Workplace Apps allows authenticated local users to escalate privileges. This affects users running vulnerable versions of Zoom Workplace Apps on their local systems. An attacker must have local access and be authenticated to exploit this vulnerability.

💻 Affected Systems

Products:
  • Zoom Workplace Apps
Versions: Specific versions not detailed in reference; check Zoom security bulletin ZSB-25016 for exact affected versions
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access and user authentication. Zoom Workplace Apps must be installed and running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains full system-level privileges, potentially compromising the entire local system and accessing sensitive data or installing persistent malware.

🟠 Likely Case

Local authenticated users escalate to higher privileges within the Zoom application context, potentially accessing other user data or system resources they shouldn't have access to.

🟢 If Mitigated

With proper access controls and patching, the impact is limited to the local user's own session with no privilege escalation.

🌐 Internet-Facing: LOW - This requires local access and authentication, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires authentication and specific timing conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Race conditions require precise timing and local access

Exploitation requires authenticated local access and precise timing to win the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-25016 for patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25016

Restart Required: Yes

Instructions:

1. Open Zoom Workplace Apps.
2. Go to Settings > About.
3. Check for updates or download the latest version from zoom.us/download.
4. Install the update.
5. Restart the application.

🔧 Temporary Workarounds

Restrict local user privileges (all platforms)

Limit standard user privileges to reduce impact of potential privilege escalation

Disable unnecessary Zoom features (all platforms)

Reduce attack surface by disabling non-essential Zoom Workplace features

🧯 If You Can't Patch

  • Implement strict least-privilege access controls for all users
  • Monitor for unusual privilege escalation attempts using endpoint detection tools

🔍 How to Verify

Check if Vulnerable:

Check Zoom version in Settings > About and compare against patched versions in ZSB-25016

Check Version:

  • Windows (PowerShell): Get-ItemProperty 'HKLM:\Software\ZoomUMX' | Select-Object Version
  • macOS: plutil -p /Applications/zoom.us.app/Contents/Info.plist | grep CFBundleVersion
  • Linux: dpkg -l | grep zoom or rpm -qa | grep zoom

Verify Fix Applied:

Verify Zoom version is updated to patched version listed in ZSB-25016

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events in system logs
  • Multiple rapid file access attempts by Zoom process

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

EventID=4688 OR EventID=4624 with Zoom process name and privilege changes on Windows; auth.log privilege escalation events on Linux
