CVE-2025-67461

5.0 MEDIUM

📋 TL;DR

This vulnerability in Zoom Rooms for macOS allows authenticated local users to control file paths, potentially leading to information disclosure. It affects Zoom Rooms for macOS versions before 6.6.0 when accessed by authenticated users on the local system.

💻 Affected Systems

Products:
  • Zoom Rooms for macOS
Versions: All versions before 6.6.0
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated local access to the macOS system running Zoom Rooms.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could manipulate file paths to access sensitive system files or configuration data, potentially exposing credentials, user data, or system information.

🟠

Likely Case

Local authenticated users could access files outside intended directories, potentially exposing Zoom configuration data or other application files.

🟢

If Mitigated

With proper access controls and patching, the risk is limited to authorized users accessing only intended application files.

🌐 Internet-Facing: LOW - This requires local authenticated access, not remote exploitation.
🏢 Internal Only: MEDIUM - Local authenticated users could exploit this, but requires physical or remote desktop access to the macOS system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated local access and knowledge of macOS file system paths. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.0

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25051

Restart Required: Yes

Instructions:

1. Open the Zoom Rooms client on macOS.
2. Go to Settings > About.
3. Check for updates or download version 6.6.0 from Zoom's website.
4. Install the update and restart the application.

🔧 Temporary Workarounds

Restrict local user access (macOS): Limit which users have authenticated access to macOS systems running Zoom Rooms.

Implement file system restrictions (macOS): Use macOS sandboxing or file system permissions to restrict Zoom Rooms' file access.

🧯 If You Can't Patch

  • Restrict physical and remote desktop access to Zoom Rooms systems
  • Implement strict user access controls and monitor for unusual file access patterns

🔍 How to Verify

Check if Vulnerable:

Check Zoom Rooms version in Settings > About. If version is below 6.6.0, the system is vulnerable.

Check Version:

Open Zoom Rooms and go to Settings > About to view the version number.

Verify Fix Applied:

Confirm Zoom Rooms version is 6.6.0 or higher in Settings > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by Zoom Rooms process
  • Access to files outside expected Zoom directories

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process:Zoom AND (FileAccess:*/../* OR FileAccess:*../../*)
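A worked detection example in Python, added here and not part of the original advisory or of Zoom's tooling. It applies the same idea as the SIEM query above to constructed sample log lines and goes one step further: it resolves `..` segments so that an access which ends up outside the expected Zoom directories is flagged even when no literal `../` appears in the logged path. The log format, process name and allowed directories are assumptions for the example.

```python
import posixpath
import re

# Assumed for this example: directories Zoom Rooms is expected to touch on a
# room system. Adjust to your deployment.
ALLOWED_ROOTS = (
    "/Applications/ZoomPresence.app",
    "/Users/zoomroom/Library/Application Support/zoom.us",
)

# Assumed (constructed) log format: ts proc=<name> pid=<n> op=<op> path="<path>"
LINE_RE = re.compile(
    r'proc=(?P<proc>\S+)\s+pid=(?P<pid>\d+)\s+op=(?P<op>\w+)\s+path="(?P<path>[^"]*)"'
)

# Constructed sample events, not real Zoom Rooms output.
SAMPLE_LOG = [
    '2025-12-01T10:00:01Z proc=ZoomPresence pid=412 op=read path="/Users/zoomroom/Library/Application Support/zoom.us/config.ini"',
    '2025-12-01T10:00:02Z proc=ZoomPresence pid=412 op=read path="/Users/zoomroom/Library/Application Support/zoom.us/../../../../../var/log/system.log"',
    '2025-12-01T10:00:03Z proc=ZoomPresence pid=412 op=read path="/private/etc/hosts"',
    '2025-12-01T10:00:04Z proc=Finder pid=77 op=read path="/Users/zoomroom/Documents/../Desktop/notes.txt"',
]

def parse(line):
    """Return the event fields as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def classify(proc, path):
    """Return a reason string for a suspicious Zoom file access, else None."""
    if "zoom" not in proc.lower():
        return None                      # only Zoom processes are in scope
    if ".." in path.split("/"):
        return "traversal"               # what the SIEM query's */../* pattern catches
    resolved = posixpath.normpath(path)  # collapses "." and ".." segments
    if not any(resolved == r or resolved.startswith(r + "/") for r in ALLOWED_ROOTS):
        return "outside-allowed-root"    # no ".." token at all; the query alone misses this
    return None

def find_suspicious(lines):
    """Scan log lines and return one record per suspicious Zoom file access."""
    hits = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        reason = classify(ev["proc"], ev["path"])
        if reason:
            hits.append({"pid": int(ev["pid"]), "path": ev["path"],
                         "resolved": posixpath.normpath(ev["path"]), "reason": reason})
    return hits

if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOG):
        print(f'pid={h["pid"]} reason={h["reason"]} resolved={h["resolved"]}')
```

The third sample line is the case worth noting: a Zoom process reading a system file by its plain path produces no `../` match for the SIEM query, so an allow-list of expected directories is the more robust check.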
