Auth bypass in Zoom Communications, Inc Workplace For Windows On Arm
CVE-2025-49459
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Vulnerability class: Broken Access Control
EPSS: 0.001 (3.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-49459?
- CVE-2025-49459 is a high-severity vulnerability in Zoom Communications, Inc Workplace For Windows On Arm, classified under Missing Authorization. CVSS score: 7.8/10. Published 2025-09-09.
- How severe is CVE-2025-49459?
- High severity. CVSS v3 base score is 7.8 out of 10.