CVE-2023-34120

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Published: Jun 13, 2023
Updated: May 4, 2025
CVE: CVE-2023-34120
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zoom / virtual_desktop_infrastructure	-	5.14.0

https://explore.zoom.us/en/trust/security/security-bulletin/

Vulnerability Database

289,697

CVE-2023-34120