CVE-2025-30662

EPSS 0.02%
Veröffentlicht 13.11.2025 14:53:09
Zuletzt bearbeitet 09.01.2026 22:10:55
Quelle security@zoom.us
CVE-Watchlists
Login
Unerledigt
Login

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Workplace Virtual Desktop Infrastructure SwPlatformmacos Version < 6.3.14

Zoom ≫ Workplace Virtual Desktop Infrastructure SwPlatformmacos Version >= 6.4.0 < 6.4.14

Zoom ≫ Workplace Virtual Desktop Infrastructure SwPlatformmacos Version >= 6.5.0 < 6.5.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
security@zoom.us	6.6	1.3	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-646 Reliance on File Name or Extension of Externally-Supplied File

The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.

https://www.zoom.com/en/trust/security-bulletin/zsb-25045

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30662

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30662

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30662

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-30662