Skip to main content

Workplace Virtual Desktop Infrastructure CVE-2025-30662

MEDIUM
Reliance on File Name or Extension of Externally-Supplied File (CWE-646)
2025-11-13 security@zoom.us
6.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.6 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:22 vuln.today
CVE Published
Nov 13, 2025 - 15:15 nvd
MEDIUM 6.6

DescriptionCVE.org

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

AnalysisAI

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-646. Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access. Affected products include: Zoom Workplace Virtual Desktop Infrastructure. Version information: version 6.3.14.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-49457 CRITICAL
9.6 Aug 12

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of

CVE-2024-45421 HIGH
8.5 Feb 25

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network acce

CVE-2024-39825 HIGH
8.5 Aug 14

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation o

CVE-2024-27240 HIGH
7.8 Jul 15

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a p

CVE-2024-27244 HIGH
7.8 May 15

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an auth

CVE-2024-45419 HIGH
7.5 Nov 19

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via

CVE-2024-27241 HIGH
7.5 Jul 15

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via

CVE-2024-39826 MEDIUM
6.8 Jul 15

Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct

CVE-2024-27243 MEDIUM
6.5 May 15

Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via

CVE-2025-30667 MEDIUM
6.5 May 14

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of

CVE-2025-30671 MEDIUM
6.5 Apr 08

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of

CVE-2025-46785 MEDIUM
6.5 May 14

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service

Share

CVE-2025-30662 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy