Zoom Rooms Vulnerabilities Allow Attackers to Escalate

Newly discovered vulnerabilities within Zoom’s software ecosystem could grant local attackers complete system access on affected machines.

As organizations continue to rely heavily on virtual meetings, threat actors are constantly hunting for ways to exploit these communication tools.

Zoom has rapidly released patches for three distinct security flaws affecting Zoom Rooms for Windows, the Zoom Workplace VDI Plugin, and Zoom Workplace for iOS.

If left unpatched, the most severe of these bugs allows authenticated users to quietly escalate their privileges and gain unauthorized control over affected devices.

High-Severity Windows Vulnerabilities

The most critical threats come from two high-severity flaws impacting Windows users, both discovered and reported to Zoom by security researcher sim0nsecurity.

The first flaw, tracked as CVE-2026-30906, affects the Zoom Rooms installer for Windows through an untrusted search path weakness.

When a software program does not properly verify the directories it uses to load critical files, attackers can plant malicious code in those paths.

An authenticated user with local access can exploit this oversight to escalate their privileges and take deeper administrative control of the system.

The second major vulnerability, CVE-2026-30905, exists in the Zoom Workplace VDI Plugin Windows Universal Installer. This bug involves the external control of a file name or path.

By manipulating how the installer handles file paths during setup, a local attacker can force the system to execute unauthorized commands, opening another dangerous avenue for privilege escalation.

While Windows users face the immediate threat of privilege escalation, iOS users face a different kind of risk.

Tracked as CVE-2026-30904, this low-severity vulnerability affects Zoom Workplace for iOS.

Reported by security researcher errorsec_, the flaw involves a failure of a protection mechanism.

Unlike the Windows bugs, an attacker needs physical access to the iOS device to exploit this issue.

If successful, the attacker could bypass protections to force the application to disclose sensitive information. Because it requires physical access and high privileges, the CVSS severity score remains a low 1.8.

To mitigate these risks and prevent potential system takeovers, users and system administrators must act quickly.

Zoom has already released updates to address these security gaps across all affected platforms.

Organizations should enforce rapid patch management policies and ensure their endpoints are fully up to date.

Users can secure their devices by downloading and applying the latest versions directly from the official Zoom download portal.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.