
CVE-2025-0146: Low Vulnerability in Zoom Workplace App

A low-severity symlink-following vulnerability (CWE-59) in the installer of the Zoom Workplace App for macOS, fixed in version 6.2.10, lets an authenticated user with local access cause a denial of service. Updating to 6.2.10 or later resolves it.

LOW · CVSS 3.9 · Published January 30, 2025


CVE-2025-0146 affects the Zoom Workplace App for macOS in versions prior to 6.2.10. Symlink following in the installer lets an authenticated user with local access conduct a denial of service. Zoom's own CVSS assessment is 3.9 (Low): a real but limited impact, because the attacker needs a local account on the Mac and user interaction is required.

The risk to organizations is to availability: a local user with an account on the Mac can cause a denial of service on that machine. Because exploitation requires local, authenticated access and user interaction, the update belongs in the normal patch cycle rather than emergency change control, but it should not be skipped.

No public exploit or proof of concept is known, and the CVE is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. The fix is straightforward to apply and removes the issue on affected Macs, so there is little reason to leave it open.

Organizations should inventory their Zoom Workplace App deployments and related components and confirm that every installation is at version 6.2.10 or later.

Vulnerability Details

The official CVE description states that symlink following in the installer may allow an authenticated user to conduct a denial of service via local access. The weakness is classified as CWE-59 (Improper Link Resolution Before File Access, "Link Following"). Two CVSS scores exist for this CVE: Zoom's assessment is 3.9 (Low), while NVD's independent assessment is 5.0 (Medium), the difference being that NVD rates the availability impact as High.

Affected products include the Zoom Meeting Software Development Kit, Rooms, Rooms Controller, Video Software Development Kit, and Workplace Desktop, all prior to version 6.2.10. The CVE was published on January 30, 2025; the NVD entry is in the "Analyzed" state and was last modified on August 1, 2025.

Technical Analysis

The root cause is improper handling of symbolic links by the Zoom Workplace App installer (CWE-59): a file operation performed by the installer follows a link rather than refusing it, so a local user who can plant a symlink where the installer operates can make that operation follow it, resulting in a denial of service. The public description does not identify the path or file operation involved, and this page does not speculate about it.

The CVSS vector behind the 3.9 score: Attack Vector Local (the attacker must already be on the Mac, for example with a local account), Attack Complexity Low, Privileges Required Low, User Interaction Required, Scope Unchanged, with Low integrity and Low availability impact and no confidentiality impact.
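To make the CWE-59 mechanics concrete, here is an added example written for this page; it is not Zoom's code and does not reproduce the actual bug. The "protected"/"scratch" layout and every path in it are hypothetical. It shows, in Python, the vulnerable write that follows a planted symlink, the O_NOFOLLOW hardening, and the edge case where a symlinked parent directory bypasses O_NOFOLLOW unless every path component is checked:

```python
import errno
import os
import shutil
import stat
import tempfile

# Hypothetical layout for illustration; these are NOT Zoom's real installer
# paths. "protected" stands in for a file only the installer may write,
# "scratch" for a directory an unprivileged local user controls.


def build_layout():
    """Create a fresh temp tree with attacker-planted symlinks in scratch/."""
    root = tempfile.mkdtemp(prefix="cwe59-")
    protected_dir = os.path.join(root, "protected")
    os.makedirs(protected_dir)
    protected = os.path.join(protected_dir, "config.plist")
    with open(protected, "w") as f:
        f.write("original\n")
    scratch = os.path.join(root, "scratch")
    os.makedirs(scratch)
    # The local user pre-plants a file symlink and a directory symlink.
    os.symlink(protected, os.path.join(scratch, "install.log"))
    os.symlink(protected_dir, os.path.join(scratch, "links"))
    return {
        "root": root,
        "protected": protected,
        "planted_file": os.path.join(scratch, "install.log"),      # symlink -> protected
        "via_dir": os.path.join(scratch, "links", "config.plist"),  # symlinked parent dir
        "fresh": os.path.join(scratch, "fresh.log"),               # does not exist yet
    }


def read(path):
    with open(path) as f:
        return f.read()


def naive_write(path, data):
    """Vulnerable pattern (CWE-59): open() follows symlinks, so a path the
    installer believes it owns can redirect the write to any file the
    installer's privileges reach."""
    with open(path, "w") as f:
        f.write(data)
    return True


def nofollow_write(path, data):
    """Hardened final component: O_NOFOLLOW makes the kernel refuse a symlink
    at the last path element. Returns False when the open was refused."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.EMLINK):  # ELOOP on Linux and macOS
            return False
        raise
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def has_symlink_component(path, root):
    """lstat every component of path below root; True if any is a symlink.
    Needed because O_NOFOLLOW ignores symlinks in parent directories."""
    cur = root
    for part in os.path.relpath(path, root).split(os.sep):
        cur = os.path.join(cur, part)
        try:
            if stat.S_ISLNK(os.lstat(cur).st_mode):
                return True
        except FileNotFoundError:
            return False  # rest of the path does not exist yet, nothing to follow
    return False


def demo():
    """Run the vulnerable and hardened writes; return a dict of outcomes."""
    r = {}
    lay = build_layout()
    naive_write(lay["planted_file"], "clobbered\n")
    r["naive_clobbers_protected"] = read(lay["protected"]) == "clobbered\n"
    shutil.rmtree(lay["root"])

    lay = build_layout()
    r["nofollow_refuses_file_symlink"] = nofollow_write(lay["planted_file"], "x\n") is False
    r["protected_intact"] = read(lay["protected"]) == "original\n"
    r["nofollow_writes_fresh_file"] = nofollow_write(lay["fresh"], "ok\n") is True
    # Edge case: the symlink is a parent directory, so O_NOFOLLOW lets it through.
    r["dir_symlink_bypasses_nofollow"] = (
        nofollow_write(lay["via_dir"], "clobbered\n") is True
        and read(lay["protected"]) == "clobbered\n"
    )
    r["component_check_catches_dir_symlink"] = has_symlink_component(lay["via_dir"], lay["root"])
    r["component_check_allows_fresh_file"] = not has_symlink_component(lay["fresh"], lay["root"])
    shutil.rmtree(lay["root"])
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The component check is itself a time-of-check/time-of-use race: the attacker can swap a directory for a symlink between the lstat and the open. A robust installer avoids the problem rather than checking for it, by writing only into a directory it created itself with mode 0700, or by holding a directory file descriptor and using openat-style calls so a parent cannot be replaced under it.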

Risk & Impact Analysis

In real deployments the risk falls on organizations that depend on the Zoom Workplace App on macOS for day-to-day communication: a successful attack denies service on the affected Mac. The blast radius is the single machine on which the local attacker acts (Scope Unchanged, Attack Vector Local), not the fleet, which is why the severity is Low. The remediation is nonetheless simple and should be completed.

Given the Low score and the absence of KEV status, remediation can be scheduled within routine patch maintenance. Unpatched installs should still be tracked to closure: a local vulnerability is reachable by any code already running as a user on the host, so its value to an insider or to malware that has landed on the machine grows the longer it stays open.

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

The vulnerability affects multiple Zoom components: the Meeting Software Development Kit, Rooms, Rooms Controller, Video Software Development Kit, and Workplace Desktop. All versions prior to 6.2.10 are affected; 6.2.10 is the fixed version.

Mitigation & Remediation

Upgrade to version 6.2.10 or later of the Zoom Workplace App and the associated components. Where the update cannot be applied yet, reduce who can act locally on the affected Macs: keep day-to-day users on standard (non-administrator) accounts, deploy and update Zoom through the organization's managed software distribution rather than ad-hoc installer runs, and review affected hosts for unexpected symlink creation by non-admin users and for installer runs that fail unexpectedly.

Because the attack vector is local, network segmentation does not reduce this risk; account hygiene and managed installation do. A penetration test that covers local privilege abuse and installer handling on managed endpoints is a reasonable way to confirm that those controls hold.

Detection Guidance

Detection options are limited because exploitation is local and leaves little or no network trace. Useful signals on affected Macs are symlinks created by non-admin users in directories the installer works in, Zoom installer runs that fail or are interrupted, and repeated installer invocations by the same user. Correlate these with the endpoint's process and file-system telemetry (for example from the EDR or the macOS unified log) rather than relying on generic "unusual access" heuristics.
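As an added, generic check written for this page (not something Zoom ships; the protected prefixes in PROTECTED_PREFIXES are assumptions to replace with the real install locations): a scan that flags symlinks in a user-writable working area which resolve into a protected install path, emitting one log line per finding. It can run before the installer starts or periodically from the endpoint agent:

```python
import os
import shutil
import stat
import tempfile

# Assumed install locations for illustration; NOT taken from Zoom's
# documentation. Replace with the paths the installer actually writes to.
PROTECTED_PREFIXES = ["/Applications", "/Library", "/private/var/db"]


def _under(target, prefix):
    """True if target equals prefix or lies beneath it."""
    prefix = prefix.rstrip(os.sep)
    return target == prefix or target.startswith(prefix + os.sep)


def find_symlinks_into(scan_dir, protected_prefixes):
    """Walk scan_dir without following links and return (link, resolved target)
    for every symlink whose target resolves under a protected prefix. Such a
    link in a user-writable location is the precondition for CWE-59 abuse."""
    prefixes = [os.path.realpath(p) for p in protected_prefixes]
    findings = []
    for dirpath, dirnames, filenames in os.walk(scan_dir):  # followlinks=False
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            try:
                st = os.lstat(link)
            except OSError:
                continue
            if not stat.S_ISLNK(st.st_mode):
                continue
            target = os.path.realpath(link)  # resolves even if target is absent
            if any(_under(target, p) for p in prefixes):
                findings.append((link, target))
    return findings


def format_finding(link, target, user="unknown"):
    """One key=value log line per finding, suitable for shipping to a SIEM."""
    return f"cwe59_symlink_check link={link} target={target} user={user}"


def demo():
    """Constructed sample tree (not real data): one benign link and two that
    point into a protected area. Returns the flagged links relative to the
    scratch directory, sorted."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="symlink-scan-"))
    protected = os.path.join(root, "Applications", "zoom.us.app")
    os.makedirs(protected)
    scratch = os.path.join(root, "tmp", "installer-work")
    os.makedirs(scratch)
    with open(os.path.join(scratch, "notes.txt"), "w") as f:
        f.write("harmless\n")
    os.symlink(os.path.join(scratch, "notes.txt"), os.path.join(scratch, "benign"))
    os.symlink(protected, os.path.join(scratch, "app"))
    os.makedirs(os.path.join(scratch, "nested"))
    os.symlink(os.path.join(protected, "Contents"),
               os.path.join(scratch, "nested", "contents"))
    try:
        found = find_symlinks_into(os.path.join(root, "tmp"),
                                   [os.path.join(root, "Applications")])
        for link, target in found:
            print(format_finding(link, target, user="localuser"))
        return sorted(os.path.relpath(link, scratch) for link, _ in found)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

os.walk lists a symlinked directory in dirnames but does not descend into it, so the scan cannot be led out of the working area by the very links it is looking for; realpath is applied to the prefixes as well so that macOS's /var to /private/var aliasing does not hide a match.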

AppSecure Threat Intelligence Insight

This vulnerability illustrates why installers need the same scrutiny as the application they deploy: they typically run with more privilege than the user who launches them and operate directly on the file system, so CWE-59 and related file-handling weaknesses matter there. Third-party software should be assessed for such issues before and during deployment, and local-access vulnerabilities should not be discounted merely because they are not remotely exploitable.

To go deeper on securing applications, see our guide on penetration testing methodology and our resources on vulnerability management program design.

In conclusion, CVE-2025-0146 is a reminder that low-severity vulnerabilities still need to be closed: the cost of the update is small, and the exposure only grows while it is deferred.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
