What is CVE-2025-30663?

A high-severity privilege escalation vulnerability has been identified in Zoom Workplace Apps. This issue could allow authenticated users to escalate privileges through local access. Immediate patching is recommended.

What is the severity of CVE-2025-30663?

CVE-2025-30663 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2025-30663 | High Vulnerability in Zoom Workplace Apps

CVE-2025-30663 is a high-severity vulnerability affecting Zoom Workplace Apps, specifically related to a time-of-check time-of-use race condition. This vulnerability allows authenticated users to escalate their privileges via local access, potentially leading to unauthorized actions within the application. With a CVSS score of 8.8, this vulnerability poses a significant risk to organizations utilizing Zoom's services.

The urgency for defenders is high, as this vulnerability could lead to serious consequences if exploited. Organizations using affected Zoom products should prioritize patching this vulnerability immediately to mitigate potential risks.

The exploitation status of this vulnerability is currently unknown, as there are no confirmed public exploits or proofs of concept available. However, the potential for exploitation exists given the nature of the vulnerability.

Organizations should prepare to implement remediation strategies to secure their systems and protect sensitive data from unauthorized access.

Vulnerability Details

CVE-2025-30663 describes a time-of-check time-of-use race condition that allows an authenticated user to conduct an escalation of privilege through local access. The vulnerability affects multiple Zoom products, including the meeting software development kit, rooms, rooms controller, workplace, workplace desktop, and workplace virtual desktop infrastructure. The CVSS score is 8.8, indicating a high severity level, and it has been categorized under CWE-367.

Technical Analysis

The root cause of this vulnerability lies in the race condition that occurs during the time of check and time of use. The attack vector is local, meaning that an attacker would need local access to exploit the vulnerability. The attack complexity is low, requiring only low privileges, and there is no user interaction necessary. The confidentiality, integrity, and availability impacts are all classified as high, emphasizing the potential for significant damage if the vulnerability is exploited.

Risk & Impact Analysis

Risk to organizations includes unauthorized privilege escalation, which can lead to data breaches or loss of control over critical systems. Given the wide deployment of Zoom products in various sectors, the blast radius of this vulnerability is significant. Organizations should assess their exposure and prioritize remediation based on the CVSS score and the potential impact on their operations.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Zoom Workplace Apps prior to version 6.4.0 are affected, including the meeting software development kit and various workplace products. Organizations should verify their versions and apply the necessary patches.

Mitigation & Remediation

Organizations should prioritize patching immediately. The recommended version to upgrade to is 6.4.0 or later. If a patch is unavailable, organizations should consider implementing configuration hardening and network controls to limit local access. Continuous monitoring is also recommended to detect any anomalies.

Detection Guidance

Security teams should monitor logs for indicators of unauthorized access and behavioral anomalies within Zoom applications. Network signatures can also help identify potential exploitation attempts, while system changes should be closely observed.

AppSecure Threat Intelligence Insight

The significance of CVE-2025-30663 lies in its demonstration of the potential vulnerabilities in widely used communication platforms like Zoom. This highlights the need for organizations to regularly assess their applications for vulnerabilities. Security teams should implement a robust vulnerability management program and conduct regular security assessments to identify and mitigate similar risks.

The patterns of privilege escalation vulnerabilities in local applications serve as a reminder for developers to employ secure coding practices. Engaging in penetration testing can also be beneficial in uncovering such vulnerabilities before they are exploited.

In conclusion, CVE-2025-30663 highlights the critical need for vigilance in application security and the implementation of effective remediation strategies.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-30663: High Vulnerability in Zoom Workplace Apps