Workplace Virtual Desktop Infrastructure
CVE-2025-30662
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
AnalysisAI
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-646. Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access. Affected products include: Zoom Workplace Virtual Desktop Infrastructure. Version information: version 6.3.14.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network acce
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation o
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a p
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an auth
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today