CVE-2025-0147

High

Published: 30 January 2025

Published

30 January 2025

Modified

01 August 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0056 68.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.

Security Summary

CVE-2025-0147 is a type confusion vulnerability (CWE-843) affecting the Zoom Workplace App for Linux in versions before 6.2.10. Published on 2025-01-30, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An authorized user can exploit this vulnerability via network access to achieve an escalation of privilege. Per the CVSS vector, exploitation occurs over the network with low attack complexity, requires user interaction but no attacker privileges, and has unchanged scope, enabling high confidentiality, integrity, and availability impacts.

The Zoom security bulletin at https://www.zoom.com/en/trust/security-bulletin/zsb-25006/ provides details on mitigation, which includes updating the Zoom Workplace App for Linux to version 6.2.10 or later.

Details

CWE(s): CWE-843

Affected Products

zoom

meeting software development kit

≤ 6.2.10

zoom

video software development kit

≤ 6.2.10

zoom

workplace desktop

≤ 6.2.10

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25006/
Vendor Advisory · security@zoom.us