Insecure Default Variable Init in Zoom Workplace Apps (Win)
CVE-2025-27443 Published on April 8, 2025

Zoom Workplace Apps for Windows - Insecure Default Variable Initialization
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

NVD

Vulnerability Analysis

CVE-2025-27443 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Products Associated with CVE-2025-27443

Want to know whenever a new CVE is published for Zoom products? stack.watch will email you.

Zoom Rooms

Zoom Rooms Controller

Zoom Workplace Desktop

Zoom Meeting Software Development Kit

Affected Versions

Zoom Communications, Inc Zoom Workplace Apps for Windows Version See references. is affected by CVE-2025-27443

Exploit Probability

EPSS

0.06%

Percentile

18.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.