CVE-2025-64739 – This vulnerability in Zoom Clients allows unaut... (How to Fix)

Q: What is the severity of CVE-2025-64739?

CVE-2025-64739 has a CVSS score of 4.3 (MEDIUM). This vulnerability in Zoom Clients allows unauthenticated attackers to control file paths, potentially leading to information disclosure via network access. It affects Zoom users running vulnerable client versions, allowing attackers to access sensitive files if they can interact with the client over a network.

📋 TL;DR

This vulnerability in Zoom Clients allows unauthenticated attackers to control file paths, potentially leading to information disclosure via network access. It affects Zoom users running vulnerable client versions, allowing attackers to access sensitive files if they can interact with the client over a network.

💻 Affected Systems

Products:

Zoom Client

Versions: Specific versions listed in ZSB-25041 (check vendor advisory)

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects standard Zoom Client installations; requires network access to vulnerable client.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could access sensitive local files by manipulating file paths, potentially exposing credentials, configuration files, or other confidential data.

🟠

Likely Case

Limited information disclosure of non-critical files accessible through controlled file paths, potentially revealing user preferences or configuration details.

🟢

If Mitigated

With proper network segmentation and access controls, the attack surface is reduced to internal networks only, limiting exposure.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires network access, Zoom clients typically operate behind firewalls, but exposed clients could be targeted.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to access files on vulnerable Zoom clients.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access to vulnerable client and knowledge of file path manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ZSB-25041 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25041

Restart Required: Yes

Instructions:

1. Open Zoom Client
2. Click your profile picture
3. Select 'Check for Updates'
4. Install any available updates
5. Restart Zoom Client

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Zoom clients to trusted networks only

Disable Unnecessary Features

all

Disable file transfer and other non-essential features in Zoom settings

🧯 If You Can't Patch

Implement strict network access controls to limit who can communicate with Zoom clients
Monitor for unusual file access patterns or network connections to Zoom clients

🔍 How to Verify

Check if Vulnerable:

Check Zoom Client version against affected versions listed in ZSB-25041

Check Version:

Windows: Open Zoom > Settings > About > Version; macOS: Zoom > About Zoom; Linux: zoom --version

Verify Fix Applied:

Verify Zoom Client version is updated to patched version specified in ZSB-25041

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns from Zoom process
Failed file path resolution attempts in Zoom logs

Network Indicators:

Unexpected network connections to Zoom client ports
Unusual file transfer patterns

SIEM Query:

process_name="Zoom.exe" AND (event_type="file_access" OR event_type="network_connection")

📊 Metadata

CVE ID: CVE-2025-64739

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE: CWE-73

EPSS Score: 0.07% exploit probability (21.9th percentile)

Published: November 13, 2025

Last Updated: January 13, 2026

🔗 References

https://www.zoom.com/en/trust/security-bulletin/zsb-25041 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64739, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Workplace Desktop by Zoom

Workplace Desktop by Zoom

Workplace Desktop by Zoom

Workplace Virtual Desktop Infrastructure by Zoom

Workplace Virtual Desktop Infrastructure by Zoom

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Disable Unnecessary Features

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities