CVE-2025-67460
📋 TL;DR
A protection mechanism failure in Zoom Rooms for Windows lets an unauthenticated attacker with local access downgrade the installed software to an older version and escalate privileges. Organizations running Zoom Rooms for Windows before version 6.6.0 are affected. Exploitation requires local access to the target machine, either physically or through a remote session.
💻 Affected Systems
- Zoom Rooms for Windows
📦 What is this software?
Zoom Rooms is Zoom's conference-room system. The Windows edition runs on a dedicated Windows PC that drives the room's displays, camera and audio and is typically managed from the Zoom admin portal.
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access downgrades Zoom Rooms to an older, vulnerable build, then uses a known weakness in that build to obtain SYSTEM-level privileges and fully compromise the device.
Likely Case
An attacker with physical or remote desktop access downgrades the software and gains elevated privileges on the room PC, which is then used to install malware, read data handled by the device, or pivot to other systems on the network.
If Mitigated
With proper access controls and network segmentation, the impact is limited to the specific Zoom Rooms device, though it could still serve as an entry point for further network compromise.
🎯 Exploit Status
The vendor description states that exploitation is possible without authentication but requires local access. No public exploit code had been reported as of the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.6.0 and later
Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25050
Restart Required: Yes
Instructions:
1. Open the Zoom Rooms controller.
2. Navigate to Settings > About.
3. Check the current version.
4. If it is below 6.6.0, update through the Zoom admin portal or download the latest version from the Zoom website.
5. Restart the Zoom Rooms application after the update.
🔧 Temporary Workarounds
Restrict Local Access
Windows: Limit physical and remote access to Zoom Rooms devices to authorized personnel only.
Enable Windows Security Controls
Windows: Use Windows Defender Application Control or AppLocker to block execution of unauthorized binaries, including unapproved installers.
🧯 If You Can't Patch
- Isolate Zoom Rooms devices on a separate network segment with strict firewall rules
- Implement strict physical security controls and limit user access to Zoom Rooms devices
🔍 How to Verify
Check if Vulnerable:
Check the Zoom Rooms version in Settings > About. If it is below 6.6.0, the system is vulnerable.
Check Version:
No command-line check is documented by the vendor. Use Settings > About in the Zoom Rooms GUI, or read the installed version from the product's entry under the Windows uninstall registry keys.
Verify Fix Applied:
After updating, confirm the version shown in Settings > About is 6.6.0 or higher. Optionally confirm that running an older Zoom Rooms installer on the device is rejected.
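The following PowerShell script is an added example, not part of the vendor advisory. It reads the installed Zoom Rooms version from the Windows uninstall registry keys and compares it with the fixed version, so the check can be run remotely or at scale instead of through the GUI. It assumes the product registers an uninstall entry whose DisplayName contains "Zoom Rooms"; if your build registers under a different name, adjust the pattern.

```powershell
# Added example (not from the Zoom advisory): check the installed Zoom Rooms build
# against the fixed version using the registry uninstall entries instead of the GUI.
# Assumption: the installer writes an uninstall key whose DisplayName contains "Zoom Rooms".
$FixedVersion = [version]'6.6.0'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ZoomRoomsVersion {
    # Return the highest parseable DisplayVersion among matching uninstall entries, or $null.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Zoom Rooms*' -and $_.DisplayVersion } |
        ForEach-Object {
            # DisplayVersion may carry a fourth build component (for example 6.6.0.1234);
            # [version] accepts up to four parts, anything else is skipped.
            try { [version]$_.DisplayVersion } catch { $null }
        } |
        Where-Object { $_ } |
        Sort-Object -Descending |
        Select-Object -First 1
}

function Test-ZoomRoomsPatched {
    param([version]$Installed, [version]$Fixed = $FixedVersion)
    if (-not $Installed) { return 'not-installed' }
    if ($Installed -ge $Fixed) { 'patched' } else { 'vulnerable' }
}

$installed = Get-ZoomRoomsVersion
$state = Test-ZoomRoomsPatched -Installed $installed
"Zoom Rooms installed version: $installed  state: $state"
# Non-zero exit code makes the script usable from a scheduled compliance job.
if ($state -eq 'vulnerable') { exit 1 }
```

Run it as an administrator on the room PC or through PowerShell remoting; a non-zero exit code means the device is still below 6.6.0.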
📡 Detection & Monitoring
Log Indicators:
- Unexpected Zoom Rooms version changes
- Failed update attempts
- Unauthorized local login events
Network Indicators:
- Unusual outbound traffic from Zoom Rooms devices
- Connections from Zoom Rooms devices to update sources other than Zoom's own
SIEM Query:
Windows Application log, Provider=MsiInstaller, EventID IN (1033, 1034, 11707, 11708, 11724), Message contains "Zoom Rooms". Event 1033 (product installed) and 1034 (product removed) carry the product version; 11707 is installation completed, 11708 installation failed, 11724 removal completed. Alert when a 1033 reports a Product Version lower than the previous one on the same host, or when 11708 appears.
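The script below is an added example, not part of the vendor advisory, and it is the detection logic a SOC would run on the room PC or push through remoting. It pulls Windows Installer events for Zoom Rooms from the Application log and flags an install whose Product Version is lower than the previously installed one (a downgrade), as well as failed installs and removals. It assumes the Zoom Rooms installer registers through Windows Installer (MsiInstaller events); an updater that replaces files without MSI produces no such events, in which case the registry or file version must be tracked instead.

```powershell
# Added example (not from the Zoom advisory): find Zoom Rooms downgrades and failed updates
# in the Windows Application log using standard MsiInstaller event IDs:
#   1033 product installed (message includes Product Version), 1034 product removed,
#   11707 install completed, 11708 install failed, 11724 removal completed.
# Assumption: Zoom Rooms is installed through Windows Installer, so these events exist.
function Find-ZoomRoomsDowngrade {
    param(
        [int]$Days = 30,
        [string]$ProductPattern = 'Zoom Rooms'
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MsiInstaller'
        Id           = 1033, 1034, 11707, 11708, 11724
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $ProductPattern } |
        Sort-Object TimeCreated

    $lastVersion = $null
    foreach ($e in $events) {
        $record = [pscustomobject]@{
            Time    = $e.TimeCreated
            Id      = $e.Id
            Version = $null
            Flag    = ''
        }
        switch ($e.Id) {
            1033 {
                # Require at least one dot so [version] parsing cannot fail on a bare integer.
                if ($e.Message -match 'Product Version:\s*(\d+(?:\.\d+)+)') {
                    $record.Version = [version]$Matches[1]
                    if ($lastVersion -and $record.Version -lt $lastVersion) {
                        $record.Flag = "DOWNGRADE from $lastVersion"
                    }
                    $lastVersion = $record.Version
                }
            }
            1034  { $record.Flag = 'removal' }
            11708 { $record.Flag = 'INSTALL FAILED' }
        }
        $record
    }
}

# Review the last 30 days; any row with a Flag deserves a look.
Find-ZoomRoomsDowngrade -Days 30 | Format-Table -AutoSize
```

A removal (1034 or 11724) followed within minutes by an install of a lower version is the sequence this advisory describes; forward the flagged rows to the SIEM rather than relying on the GUI version display alone.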