CVE-2025-0146
LOWCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Lifecycle Timeline
2Tags
Description
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
Analysis
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-59. Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access. Affected products include: Zoom Meeting Software Development Kit, Zoom Rooms, Zoom Rooms Controller, Zoom Video Software Development Kit, Zoom Workplace Desktop. Version information: before 6.2.10.
Affected Products
Zoom Meeting Software Development Kit, Zoom Rooms, Zoom Rooms Controller, Zoom Video Software Development Kit, Zoom Workplace Desktop.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today