Latest version: 1.10.2 || ZeroTier is now available on MikroTik. Read more.

ZeroTier for Windows Local Privilege Escalation


ZeroTier versions 1.8.7 and below for Windows set incorrect filesystem permissions on “C:\ProgramData\ZeroTier\One\”.

The Users group had write access to the directory ZeroTier reads on startup, allowing privilege escalation via DLL hijacking.

MacOS, Linux, and other platforms were not affected.


Local privilege escalation to SYSTEM.


Upgrade Windows systems to version 1.8.8.


This issue was brought to our attention by @ycdxsb, via

This vulnerability is CVE-2022-1316