CVE-2025-0150

Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-25009/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:workplace::::::iphone_os::*

History

01 Aug 2025, 14:33

Type	Values Removed	Values Added
First Time		Zoom workplace Zoom Zoom meeting Software Development Kit
Summary		(es) El orden de comportamiento incorrecto en algunas aplicaciones de Zoom Workplace para iOS anteriores a la versión 6.3.0 puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.
CPE		cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::* cpe:2.3:a:zoom:workplace::::::iphone_os::*
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-25009/ -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-25009/ - Vendor Advisory

11 Mar 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 18:15

Updated : 2025-08-01 14:33

NVD link : CVE-2025-0150

Mitre link : CVE-2025-0150

CVE.ORG link : CVE-2025-0150

JSON object : View

Products Affected

zoom

meeting_software_development_kit
workplace

CWE

CWE-696

Incorrect Behavior Order

{"id": "CVE-2025-0150", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-11T18:15:29.800", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009/", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zoom.us", "description": [{"lang": "en", "value": "CWE-696"}]}], "descriptions": [{"lang": "en", "value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access."}, {"lang": "es", "value": "El orden de comportamiento incorrecto en algunas aplicaciones de Zoom Workplace para iOS anteriores a la versi\u00f3n 6.3.0 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."}], "lastModified": "2025-08-01T14:33:10.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "FE1DAB56-3382-4E45-9D61-7E276557D71E", "versionEndExcluding": "6.3.0"}, {"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "4D7BED23-44F1-44C6-B49F-BBD05659D671", "versionEndExcluding": "6.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}