Symlink Following Vulnerability in Zoom Workplace App for macOS
CVE-2025-0146

3.9LOW

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Workplace App For Mac OS
Vendor: CVE Published:; 30 January 2025

Summary

A security issue exists in the installer for the Zoom Workplace App for macOS that allows authenticated users to exploit symlink following. This vulnerability can potentially enable attackers with local access to perform a denial of service by manipulating the installation process, leading to negative impacts on system availability and functionality.

Affected Version(s)

Zoom Workplace app for macOS MacOS 0 < 6.2.10

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25005/

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Dec 23, 2024