CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.
Analysis
CVE-2025-46788 is an improper certificate validation vulnerability in Zoom Workplace for Linux before version 6.4.13. It allows an unauthenticated, network-based attacker to obtain information that TLS should have protected, because the vulnerable client can be made to accept a certificate it should reject. The CVSS base score is 7.4 (high), but the attack complexity is high (AC:H), so exploitation depends on specific conditions rather than working against any reachable client. No KEV listing or active-exploitation data is currently available; monitor for further disclosure.
Technical Context
This vulnerability stems from improper implementation of certificate validation in Zoom Workplace for Linux, a client application that communicates over network protocols. The root cause is classified as CWE-295 (Improper Certificate Validation), which occurs when applications fail to properly verify X.509 certificates during TLS/SSL handshakes. Affected versions before 6.4.13 likely contain flawed certificate chain validation, hostname verification, or certificate pinning logic. The vulnerability manifests in the Linux client's network communication layer (CPE: cpe:2.3:a:zoom:zoom_workplace:*:*:*:*:*:linux:*:*), affecting the encryption and authentication protections of client-server communications. An attacker positioned on the network could leverage this to perform man-in-the-middle (MITM) attacks by presenting invalid or self-signed certificates that the vulnerable client accepts.
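The CWE-295 pattern described above, shown as an added example in Python rather than as anything from the Zoom client (whose code is not public): a TLS client context that disables chain validation and hostname matching next to the hardened form, an audit function that reports such weaknesses, and a constant-time certificate-pin comparison of the kind the paragraph mentions. The `SAMPLE_DER` bytes are a constructed placeholder, not a real certificate.

```python
# Added example (not Zoom's code): the client-side CWE-295 misconfiguration
# beside its hardened counterpart, plus an audit helper and a pin check.
import hashlib
import hmac
import ssl


def insecure_context() -> ssl.SSLContext:
    """The vulnerable shape: any certificate for any hostname is accepted.
    A client built like this will accept a self-signed or attacker-issued
    certificate, which is exactly what CWE-295 describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # hostname verification switched off
    ctx.verify_mode = ssl.CERT_NONE   # certificate chain never validated
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Chain validation against the system trust store, hostname matching,
    and no protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of validation weaknesses present in a context.
    An empty list means chain validation and hostname matching are on."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: certificate is not matched to the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def cert_pin(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as a lowercase hex pin."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_hex: str) -> bool:
    """Compare a presented certificate against a stored pin without leaking
    timing information about how many leading bytes matched."""
    return hmac.compare_digest(cert_pin(der_cert), expected_hex.lower())


# Constructed placeholder bytes standing in for a DER certificate; this is
# not a real certificate and only exists so the pin functions can be run.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
    print("pin ok:", pin_matches(SAMPLE_DER, cert_pin(SAMPLE_DER)))
```

Note the ordering in `insecure_context`: Python refuses to set `verify_mode = CERT_NONE` while `check_hostname` is still true, so code that reaches that state has had to disable both checks deliberately; an `audit_context`-style review of how a client builds its TLS context is the quickest way to spot this class of defect.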
Affected Products
Zoom Workplace for Linux, versions prior to 6.4.13. Specific affected versions are not enumerated in the provided data, but the CPE indicates: cpe:2.3:a:zoom:zoom_workplace:*:*:*:*:*:linux:*:* for all versions before 6.4.13. The vulnerability is specific to the Linux distribution of Zoom Workplace; Windows and macOS versions are not mentioned as affected. Organizations should verify their current Zoom Workplace for Linux version and apply updates if running any version before 6.4.13. Enterprise deployments using Zoom for Linux should prioritize patching, especially those in zero-trust or high-security environments where certificate validation is critical.
Remediation
Immediate action: Upgrade Zoom Workplace for Linux to version 6.4.13 or later. This is the patched version that remediates the CWE-295 certificate validation flaw.

For organizations unable to patch immediately:
(1) Restrict Zoom Workplace for Linux client usage to trusted, controlled networks where MITM attacks are mitigated by network segmentation.
(2) Deploy network-level TLS inspection and certificate pinning at the gateway level where possible.
(3) Monitor for suspicious certificate validation warnings in Zoom client logs.
(4) Disable Zoom Workplace for Linux temporarily in high-risk environments until patching is complete.
(5) Implement endpoint detection and response (EDR) to identify MITM attack patterns.

Check Zoom's official security advisories and release notes for patch availability confirmation and additional mitigation guidance. Verify patch deployment after updates through version verification commands (zoom --version or similar).
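An added example of the version verification step, not a tool from Zoom or vuln.today: it parses the client's reported version and compares it numerically against the fixed release 6.4.13. The command `zoom --version` is assumed from the advisory's own wording ("or similar"); the actual flag and output format of the installed client may differ, and the numeric comparison is the part that matters, since comparing version strings lexicographically would wrongly rank 6.4.9 above 6.4.13.

```python
# Added example (not Zoom's tooling): is the installed Zoom Workplace for
# Linux build older than the fixed version 6.4.13?
import re
import shutil
import subprocess

FIXED_VERSION = (6, 4, 13)   # first release the advisory names as patched


def parse_version(text: str) -> tuple:
    """Return the first dotted three-part version in `text` as a tuple of
    ints. Tuples compare numerically, so (6, 4, 9) < (6, 4, 13); the raw
    strings would compare the other way round because '9' > '1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(reported: str) -> bool:
    """True when the reported version is below the fixed release."""
    return parse_version(reported) < FIXED_VERSION


def check_installed(binary: str = "zoom") -> dict:
    """Locate the client and ask it for its version. The `--version` flag is
    an assumption taken from the advisory text, not a documented interface."""
    path = shutil.which(binary)
    if path is None:
        return {"installed": False, "version": None, "vulnerable": None}
    proc = subprocess.run([path, "--version"], capture_output=True,
                          text=True, timeout=10)
    version = parse_version(proc.stdout + proc.stderr)
    return {
        "installed": True,
        "version": ".".join(str(n) for n in version),
        "vulnerable": version < FIXED_VERSION,
    }


if __name__ == "__main__":
    # Constructed sample outputs, illustrating the comparison offline.
    for sample in ("6.4.9", "6.4.12 (1234)", "6.4.13", "6.5.0"):
        print(sample, "->", "UPDATE" if is_vulnerable(sample) else "ok")
    print(check_installed())
```

Package managers report the same number from their own metadata (for example `dpkg-query -W zoom` or `rpm -q zoom` on distributions that installed the vendor package), which avoids invoking the client at all; feed that output to `parse_version` in the same way.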
EUVD identifier: EUVD-2025-21012