Type Confusion in Zoom Workplace App for Linux Leading to Escalation of Privilege
CVE-2025-0147

8.8HIGH

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Workplace App For Linux
Vendor: CVE Published:; 30 January 2025

Summary

A type confusion vulnerability in the Zoom Workplace App for Linux allows an authorized user to execute an escalation of privilege by leveraging network access. This security flaw, present in versions prior to 6.2.10, can potentially permit unauthorized actions by compromised accounts within the application, highlighting the need for prompt updates to mitigate risks.

Affected Version(s)

Zoom Workplace App for Linux Linux 0 < 6.2.10

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25006/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Dec 23, 2024