CVE-2025-0150
📋 TL;DR
An incorrect behavior order vulnerability in Zoom Workplace Apps for iOS allows authenticated users to cause denial of service via network access. This affects Zoom Workplace Apps for iOS users running versions before 6.3.0. The vulnerability requires an authenticated attacker with network access to the target device.
💻 Affected Systems
- Zoom Workplace Apps for iOS
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could render Zoom Workplace Apps for iOS completely unusable on targeted devices, disrupting business communications and collaboration for affected users.
Likely Case
Targeted denial of service attacks against specific users or devices, causing temporary disruption to Zoom functionality until the app is restarted or patched.
If Mitigated
Minimal impact with proper network segmentation and access controls limiting which authenticated users can reach vulnerable devices.
🎯 Exploit Status
Exploitation requires authenticated access and understanding of the incorrect behavior order. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.3.0 and later
Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25009/
Restart Required: No
Instructions:
1. Open the App Store on the iOS device.
2. Search for 'Zoom Workplace'.
3. If an update is available, tap 'Update'.
4. Alternatively, enable automatic updates in iOS Settings > App Store > App Updates.
🔧 Temporary Workarounds
Restrict network access
Limit which authenticated users can access vulnerable devices through network segmentation and access controls.
Monitor for unusual activity
Implement monitoring for unusual network patterns or repeated connection attempts to Zoom Workplace Apps.
🧯 If You Can't Patch
- Implement strict access controls to limit which authenticated users can reach vulnerable iOS devices
- Monitor for denial of service patterns and have incident response procedures ready for affected devices
🔍 How to Verify
Check if Vulnerable:
Check the Zoom Workplace App version on iOS devices: Open Zoom Workplace > Tap profile icon > Settings > About > Check version number.
Check Version:
Manual check through app interface as described above
Verify Fix Applied:
Verify version is 6.3.0 or higher using the same steps as checking vulnerability.
📡 Detection & Monitoring
Log Indicators:
- Unusual connection patterns to Zoom Workplace Apps
- Multiple failed connection attempts followed by service disruption
Network Indicators:
- Abnormal network traffic patterns to/from Zoom Workplace Apps on iOS devices
- Sudden drops in Zoom service availability
SIEM Query:
source="zoom_logs" AND (event_type="connection_error" OR event_type="service_disruption") AND app_version<"6.3.0"
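The version check above (How to Verify) and the SIEM query both hinge on comparing an installed version against 6.3.0. A plain string comparison such as `app_version<"6.3.0"` sorts lexicographically, so a build like 6.10.1 is wrongly treated as older than 6.3.0. The following script is an added example, not Zoom's code or part of this advisory: it reads a constructed MDM-style inventory export and flags devices still below the fixed release using numeric version comparison. The bundle identifier `us.zoom.videomeetings` and the CSV column names are assumptions; substitute the values your MDM actually reports.

```python
"""Flag iOS devices whose Zoom Workplace build is below the fixed version.

Added example, not Zoom's code. The CSV inventory lines are constructed
sample data; real MDM exports (Intune, Jamf, etc.) use their own layout.
"""
import csv
import io
import re

FIXED_VERSION = "6.3.0"  # from the advisory: patched in 6.3.0 and later

# Assumed bundle identifier for the Zoom iOS app; verify against your MDM.
ZOOM_BUNDLE_ID = "us.zoom.videomeetings"

# Constructed sample export: device id, app bundle id, reported version.
SAMPLE_INVENTORY = """\
device_id,app,version
ipad-001,us.zoom.videomeetings,6.2.11
iphone-002,us.zoom.videomeetings,6.3.0
iphone-003,us.zoom.videomeetings,6.10.1
iphone-004,us.zoom.videomeetings,6.3.0.12345
ipad-005,com.example.other,1.0
"""


def parse_version(s):
    """Turn '6.3.0.12345' into a tuple of ints so comparison is numeric.
    Parsing stops at the first non-numeric component (e.g. a beta tag)."""
    parts = []
    for piece in s.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when version sorts numerically below the fixed release.
    Tuples are zero-padded so '6.3' compares equal to '6.3.0'."""
    v = parse_version(version)
    f = parse_version(fixed)
    n = max(len(v), len(f))
    v += (0,) * (n - len(v))
    f += (0,) * (n - len(f))
    return v < f


def lexicographic_vulnerable(version, fixed=FIXED_VERSION):
    """What a plain string comparison (as in the SIEM query) would say.
    Shown only to make the mis-ordering of 6.10.x vs 6.3.0 visible."""
    return version < fixed


def vulnerable_devices(csv_text, bundle_id=ZOOM_BUNDLE_ID):
    """Return device ids running the Zoom bundle below the fixed version."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        row["device_id"]
        for row in reader
        if row["app"] == bundle_id and is_vulnerable(row["version"])
    ]


if __name__ == "__main__":
    for dev in vulnerable_devices(SAMPLE_INVENTORY):
        print(f"{dev}: Zoom Workplace below {FIXED_VERSION}, update required")
```

When porting the check into a SIEM, store the version as a numeric triple (or use the platform's semantic-version function where one exists) rather than comparing the raw string, otherwise 6.10.x and later builds will be reported as unpatched.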