Zoom Workplace app for macOS - Symlink Following

Bulletin: ZSB-25005
CVEID: CVE-2025-0146
CVSS Severity: Low
CVSS Score: 3.9
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Description:

Symlink following in the installer for Zoom Workplace app for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace App for macOS before version 6.2.10
Zoom Rooms Client for macOS before version 6.2.10
Zoom Rooms Controller for macOS before version 6.2.10
Zoom Meeting SDK for macOS before version 6.2.10
Zoom Video SDK for macOS before version 6.2.10

Source:

Reported by an anonymous researcher.

Revision	Date	Description
1.0	01/14/2025	Initial publication.

Zoom Workplace app for macOS - Symlink Following

Subscribe for updates