CVE-2025-30662

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25045	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::macos::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::macos::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::macos::*

History

No history.

Information

Published : 2025-11-13 15:15

Updated : 2026-01-09 22:10

NVD link : CVE-2025-30662

Mitre link : CVE-2025-30662

CVE.ORG link : CVE-2025-30662

JSON object : View

Products Affected

zoom

workplace_virtual_desktop_infrastructure

CWE

CWE-646

Reliance on File Name or Extension of Externally-Supplied File

{"id": "CVE-2025-30662", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-11-13T15:15:51.070", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zoom.us", "description": [{"lang": "en", "value": "CWE-646"}]}], "descriptions": [{"lang": "en", "value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."}], "lastModified": "2026-01-09T22:10:55.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "3C47721E-82D9-4607-9C27-BAC7C1B872A1", "versionEndExcluding": "6.3.14"}, {"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "3508872C-50EA-4E60-9898-A444B998E77A", "versionEndExcluding": "6.4.14", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "7FC04625-1677-4265-8DF8-6C563F72C0E4", "versionEndExcluding": "6.5.10", "versionStartIncluding": "6.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}