CVE-2025-0147

8.8 HIGH

📋 TL;DR

A type confusion vulnerability in Zoom Workplace App for Linux allows authenticated users to escalate privileges through network access. This affects Linux users running vulnerable versions of the Zoom Workplace App. Attackers could gain elevated system access by exploiting this flaw.

💻 Affected Systems

Products:
  • Zoom Workplace App
Versions: Linux versions before 6.2.10
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Linux versions of Zoom Workplace App. Requires authenticated user access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain root privileges on the Linux system, potentially compromising the entire machine and accessing sensitive data or deploying malware.

🟠 Likely Case

An authenticated user could elevate their privileges to gain unauthorized access to system resources, user data, or perform administrative actions.

🟢 If Mitigated

With proper access controls and network segmentation, impact would be limited to the affected user's scope and system.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated user access and network connectivity to the target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.10 or later

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25006/

Restart Required: No

Instructions:

1. Open Zoom Workplace App.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. Follow prompts to update to version 6.2.10 or later.
5. Alternatively, download latest version from zoom.us/download.

🔧 Temporary Workarounds

Disable Zoom Workplace App

Linux

Temporarily disable or uninstall Zoom Workplace App until patched

sudo systemctl stop zoom
sudo apt remove zoom

🧯 If You Can't Patch

  • Restrict network access to Zoom Workplace App using firewall rules
  • Implement strict user privilege separation and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Zoom version in app settings or run: zoom --version

Check Version:

zoom --version

Verify Fix Applied:

Confirm version is 6.2.10 or later using: zoom --version
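
The version check above, as an added example (not from the vendor advisory or from Zoom): a plain string comparison ranks 6.2.9 above 6.2.10, so this compares the fields as integers. The function names are hypothetical, and it assumes the version text contains a dotted numeric version, optionally followed by a build number.

```shell
#!/bin/sh
# Added example: classify a Zoom Workplace App for Linux version string
# against the fixed release named on this page.
FIXED_VERSION="6.2.10"

# extract_version TEXT: print the first dotted numeric token (e.g. 6.2.9.1234).
# Prints nothing if TEXT holds no such token.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge A B: succeed if A >= B, comparing dot-separated fields as
# integers. Missing trailing fields count as 0, so 6.2.10 == 6.2.10.0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the leading field; clear the string when it was the last one.
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# zoom_patch_status TEXT: print "patched", "vulnerable" or "unknown".
zoom_patch_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown        # no version found: treat as needing manual review
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Usage, with the command this page gives for reading the version:
#   zoom_patch_status "$(zoom --version 2>/dev/null)"
```

An "unknown" result means the version could not be read, not that the host is safe.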

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in system logs
  • Zoom process running with elevated privileges unexpectedly

Network Indicators:

  • Unusual network connections from Zoom process
  • Network traffic patterns suggesting exploitation

SIEM Query:

process.name:"zoom" AND (event.action:"privilege_escalation" OR user.id_changed:true)
