CVE-2025-30662 | THREATINT

Description

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

PUBLISHED Reserved 2025-03-24 | Published 2025-11-13 | Updated 2025-11-14 | Assigner Zoom

MEDIUM: 6.6CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-646: Reliance on File Name or Extension of Externally-Supplied File

Product status

Default status

unaffected

see references

affected

References

www.zoom.com/en/trust/security-bulletin/zsb-25045

cve.org (CVE-2025-30662)

nvd.nist.gov (CVE-2025-30662)

Download JSON