CVE-2025-0151

Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25010/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::android::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::*
	cpe:2.3:a:zoom:rooms::::::android::*
	cpe:2.3:a:zoom:rooms::::::ipados::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:rooms_controller::::::android::*
	cpe:2.3:a:zoom:rooms_controller::::::linux::*
	cpe:2.3:a:zoom:rooms_controller::::::macos::*
	cpe:2.3:a:zoom:rooms_controller::::::windows::*
	cpe:2.3:a:zoom:workplace::::::android::*
	cpe:2.3:a:zoom:workplace::::::iphone_os::*
	cpe:2.3:a:zoom:workplace_desktop::::::linux::*
	cpe:2.3:a:zoom:workplace_desktop::::::macos::*
	cpe:2.3:a:zoom:workplace_desktop::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

History

22 Oct 2025, 19:35

Type	Values Removed	Values Added
First Time		Zoom rooms Zoom rooms Controller Zoom meeting Software Development Kit Zoom workplace Virtual Desktop Infrastructure Zoom Zoom workplace Desktop Zoom workplace
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-25010/ -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-25010/ - Vendor Advisory
CPE		cpe:2.3:a:zoom:workplace_desktop::::::windows::* cpe:2.3:a:zoom:rooms_controller::::::linux::* cpe:2.3:a:zoom:workplace_desktop::::::linux::* cpe:2.3:a:zoom:meeting_software_development_kit::::::android::* cpe:2.3:a:zoom:rooms::::::macos::* cpe:2.3:a:zoom:workplace::::::iphone_os::* cpe:2.3:a:zoom:rooms_controller::::::android::* cpe:2.3:a:zoom:rooms::::::android::* cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::macos::* cpe:2.3:a:zoom:workplace::::::android::* cpe:2.3:a:zoom:workplace_desktop::::::macos::* cpe:2.3:a:zoom:rooms::::::ipados::* cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::* cpe:2.3:a:zoom:rooms_controller::::::windows::* cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::* cpe:2.3:a:zoom:rooms::::::windows::* cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::* cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
Summary		(es) El uso posterior a la liberación en algunas aplicaciones de Zoom Workplace puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.

11 Mar 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 18:15

Updated : 2025-10-22 19:35

NVD link : CVE-2025-0151

Mitre link : CVE-2025-0151

CVE.ORG link : CVE-2025-0151

JSON object : View

Products Affected

zoom

workplace_desktop
rooms_controller
rooms
workplace
meeting_software_development_kit
workplace_virtual_desktop_infrastructure

CWE

CWE-416

Use After Free

8.5 /10