CVE-2025-67461 in Zoom Rooms
Summary
by MITRE • 12/11/2025
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.
Analysis
by VulDB Data Team • 12/30/2025
CVE-2025-67461 is an external control of file name or path weakness (CWE-73) in Zoom Rooms for macOS before version 6.6.0. The affected code accepts a file name or path component that an authenticated user can influence and uses it in a file operation without confining the result to the intended location. An authenticated local user who controls that value can therefore make the application read files it should not expose, which is the information disclosure the advisory describes. The published description does not name the affected component or the exact input, so the discussion here stays at the level of the weakness class rather than a specific code path.
Mechanically, CWE-73 issues arise when a program builds a file path from an externally supplied value (for example by appending a user-provided name to a base directory) and does not canonicalise the result and check that it still lies inside that directory. Depending on how the value is used, the attacker can redirect the operation to another file with ../ segments, an absolute path, or a symbolic link planted in a location the application trusts. The published description is limited to information disclosure by an authenticated user with local access on macOS; it does not claim code execution or privilege escalation, and it does not state whether the underlying bug is a classic directory traversal (CWE-22) or another form of path control.
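The pattern described above, as an added illustration that is not Zoom's code and is not taken from the advisory: the page does not disclose which Zoom Rooms routine is affected, so the file-reading helpers, the "shared" directory layout and the sample files below are constructed for this example. The weak helper joins the caller's name onto a base directory; the hardened one canonicalises the result and checks containment, which also defeats the symlink and absolute-path variants, not only ../ traversal.

```python
"""Illustration of CWE-73 (external control of file name or path).

Example code written for this page, not Zoom's code. The helpers and the
directory layout built in demo() are hypothetical and constructed here.
"""
import os
import shutil
import tempfile


def read_unsafe(base_dir: str, requested: str) -> bytes:
    """Weak pattern: the caller controls the final path. '../' segments, an
    absolute path (os.path.join discards base_dir for one) or a symlink
    inside base_dir all let the read reach files outside it."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def safe_path(base_dir: str, requested: str) -> str:
    """Resolve `requested` under base_dir and return the canonical path only
    if it still lies inside base_dir. realpath follows symlinks, so a link
    planted in base_dir that points outside is rejected as well."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base}: {requested!r}")
    return target


def read_safe(base_dir: str, requested: str) -> bytes:
    with open(safe_path(base_dir, requested), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway layout (constructed sample data), try four requests
    against both helpers and report which ones each helper allowed as
    {label: (unsafe_allowed, safe_allowed)}."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "shared")           # the intended directory
    os.mkdir(base)
    with open(os.path.join(base, "agenda.txt"), "wb") as fh:
        fh.write(b"public agenda")
    with open(os.path.join(root, "secret.conf"), "wb") as fh:
        fh.write(b"token=constructed-sample")    # file outside base_dir
    os.symlink(os.path.join(root, "secret.conf"), os.path.join(base, "link"))

    attempts = {
        "legit": "agenda.txt",
        "traversal": "../secret.conf",
        "symlink": "link",
        "absolute": os.path.join(root, "secret.conf"),
    }
    results = {}
    for label, req in attempts.items():
        try:
            read_unsafe(base, req)
            unsafe_ok = True
        except OSError:
            unsafe_ok = False
        try:
            read_safe(base, req)
            safe_ok = True
        except (ValueError, OSError):
            safe_ok = False
        results[label] = (unsafe_ok, safe_ok)
    shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    for label, (unsafe_ok, safe_ok) in demo().items():
        print(f"{label:10s} unsafe={'allowed' if unsafe_ok else 'denied'} "
              f"safe={'allowed' if safe_ok else 'denied'}")
```

The containment check is a check-then-open sequence, so a production implementation should also open relative to a directory descriptor (os.open with dir_fd and O_NOFOLLOW) to close the window between realpath and open; the example keeps the two steps separate so the decision logic is visible.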
From an operational standpoint the preconditions are narrow but easy to meet on this kind of device: the attacker needs an authenticated session on the Zoom Rooms Mac (or physical access that yields one), and the outcome is read access to files the Zoom Rooms process can reach but the user should not see. Zoom Rooms normally runs on a shared conference-room machine with a persistently signed-in room account, so "authenticated user" can mean anyone who can interact with the room system rather than a named employee. Which files are reachable depends on the unpublished details of the flaw; plausible targets on such a device are the application's local configuration and logs, cached meeting data, and any credentials or tokens the room account stores locally, but the advisory confirms none of these. In ATT&CK terms the outcome maps to T1005 (Data from Local System), with T1074 (Data Staged) if the attacker collects the material for later exfiltration.
The remediation is to update Zoom Rooms for macOS to version 6.6.0 or later. Until that is done, limit who can reach the device: restrict local and remote (screen-sharing, SSH) access to the room Mac to the accounts that need it, run Zoom Rooms under a dedicated least-privilege macOS user rather than an administrator, and keep sensitive material off the room machine. Local file access does not cross the network, so network monitoring will not observe exploitation; detection belongs on the endpoint, using EDR or macOS Endpoint Security telemetry to flag the Zoom Rooms process opening files outside its own bundle, Application Support and cache directories, and file integrity monitoring on paths it should never touch. Inventory all Zoom Rooms installations (through MDM or a script that reads the bundle version) to confirm every unit is at 6.6.0 or above, and fold the room systems into the normal patch cadence so point releases land promptly. Input validation is the vendor's fix and cannot be configured by administrators, which is why the version check is the one reliable control; application allowlisting and periodic audits of the room devices reduce the blast radius of similar flaws but do not substitute for the update.
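A version check for the remediation step, added here as example code rather than a Zoom-provided tool. The Info.plist path under /Applications/ZoomRooms.app is an assumption about the default install location; CFBundleShortVersionString is the standard macOS bundle key for the marketing version, and the sample plist bytes are constructed. The detail worth noting is the integer comparison: a version string such as 6.10.0 sorts lexically before 6.6.0 and would be misreported as vulnerable by a plain string compare or by sort without version awareness.

```python
"""Decide whether an installed Zoom Rooms build is below the fixed version
6.6.0 named in the advisory.

Example code for this page, not a Zoom tool. INFO_PLIST is an assumed
install location; SAMPLE_PLIST is constructed test data.
"""
import plistlib
from typing import Optional, Tuple

FIXED_VERSION = (6, 6, 0)
# Assumption: default bundle location of Zoom Rooms on macOS.
INFO_PLIST = "/Applications/ZoomRooms.app/Contents/Info.plist"
# Constructed Info.plist content standing in for a real bundle.
SAMPLE_PLIST = plistlib.dumps({"CFBundleShortVersionString": "6.5.2"})


def parse_version(text: str) -> Tuple[int, ...]:
    """'6.5.2 (1234)' -> (6, 5, 2). Compare as integers, not strings:
    lexically '6.10.0' < '6.6.0', which would flag a patched build."""
    core = text.strip().split()[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_vulnerable(version_text: str) -> bool:
    """True when the version is strictly below 6.6.0 ('before version 6.6.0')."""
    v = parse_version(version_text)
    # Pad so a two-part '6.6' compares equal to (6, 6, 0), not below it.
    padded = v + (0,) * (len(FIXED_VERSION) - len(v))
    return padded < FIXED_VERSION


def check_plist_bytes(data: bytes) -> Optional[bool]:
    """Same decision for an Info.plist already in memory, e.g. pulled from an
    MDM inventory export. None if the key is missing."""
    version = plistlib.loads(data).get("CFBundleShortVersionString")
    return None if version is None else is_vulnerable(version)


def installed_version(plist_path: str = INFO_PLIST) -> Optional[str]:
    """Read the bundle version from disk; None if the app is not installed."""
    try:
        with open(plist_path, "rb") as fh:
            return plistlib.load(fh).get("CFBundleShortVersionString")
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print("Zoom Rooms not found at", INFO_PLIST)
    elif is_vulnerable(v):
        print(f"Zoom Rooms {v}: VULNERABLE, update to 6.6.0 or later")
    else:
        print(f"Zoom Rooms {v}: at or above 6.6.0")
```

Run it on each room Mac, or feed check_plist_bytes() the Info.plist contents collected by your MDM, and treat any True result as an open finding until the unit reports 6.6.0 or higher.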