Description
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
- Attack Vector
- local
- Complexity
- low
- Privileges
- low
- User Action
- required
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-646
Metadata
- Primary Vendor
- ZOOM
- Published
- 11/13/2025
- Last Modified
- 1/9/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
zoom : workplace_virtual_desktop_infrastructurezoom : workplace_virtual_desktop_infrastructurezoom : workplace_virtual_desktop_infrastructure
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.