CVE-2025-30663

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

ime-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25016	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::android::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::*
	cpe:2.3:a:zoom:rooms::::::android::*
	cpe:2.3:a:zoom:rooms::::::ipados::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:rooms_controller::::::android::*
	cpe:2.3:a:zoom:rooms_controller::::::linux::*
	cpe:2.3:a:zoom:rooms_controller::::::macos::*
	cpe:2.3:a:zoom:rooms_controller::::::windows::*
	cpe:2.3:a:zoom:workplace::::::android::*
	cpe:2.3:a:zoom:workplace::::::iphone_os::*
	cpe:2.3:a:zoom:workplace_desktop::::::linux::*
	cpe:2.3:a:zoom:workplace_desktop::::::macos::*
	cpe:2.3:a:zoom:workplace_desktop::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

History

06 Nov 2025, 15:34

Type	Values Removed	Values Added
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-25016 -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-25016 - Vendor Advisory
CPE		cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::* cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::* cpe:2.3:a:zoom:workplace_desktop::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::macos::* cpe:2.3:a:zoom:workplace_desktop::::::linux::* cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::* cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::* cpe:2.3:a:zoom:rooms_controller::::::android::* cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::* cpe:2.3:a:zoom:rooms::::::windows::* cpe:2.3:a:zoom:workplace_desktop::::::windows::* cpe:2.3:a:zoom:meeting_software_development_kit::::::android::* cpe:2.3:a:zoom:rooms::::::ipados::* cpe:2.3:a:zoom:rooms::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::linux::* cpe:2.3:a:zoom:rooms_controller::::::windows::* cpe:2.3:a:zoom:rooms::::::android::* cpe:2.3:a:zoom:workplace::::::iphone_os::* cpe:2.3:a:zoom:workplace::::::android::*
First Time		Zoom rooms Zoom workplace Virtual Desktop Infrastructure Zoom workplace Zoom rooms Controller Zoom meeting Software Development Kit Zoom workplace Desktop Zoom

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) La condición de ejecución de tiempo de uso y tiempo de verificación en algunas aplicaciones de Zoom Workplace puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local.

14 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 18:15

Updated : 2025-11-06 15:34

NVD link : CVE-2025-30663

Mitre link : CVE-2025-30663

CVE.ORG link : CVE-2025-30663

JSON object : View

Products Affected

zoom

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

8.8 /10