CVE-2025-46788

7.4 HIGH

📋 TL;DR

Zoom Workplace for Linux versions before 6.4.13 have improper certificate validation that could allow an attacker to intercept communications and access sensitive information. This affects Linux users running vulnerable Zoom Workplace versions who connect to potentially malicious networks.

💻 Affected Systems

Products:
  • Zoom Workplace
Versions: All versions before 6.4.13
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Zoom Workplace (not basic Zoom Client) on Linux systems. Requires network access to intercept communications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could perform a man-in-the-middle attack to intercept and decrypt Zoom communications, potentially accessing meeting content, chat messages, file transfers, and authentication credentials.

🟠 Likely Case

Information disclosure of meeting content, chat conversations, or file transfers when users connect to compromised or malicious networks.

🟢 If Mitigated

Limited impact if proper network segmentation and certificate pinning are in place, though some information disclosure may still occur.

🌐 Internet-Facing: MEDIUM - Requires network access and ability to intercept traffic, but many users connect Zoom from untrusted networks.
🏢 Internal Only: LOW - Internal networks typically have better controls, but risk exists if internal network is compromised.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network position to intercept traffic and ability to present invalid certificates. No authentication required to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.13

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25023/

Restart Required: Yes

Instructions:

1. Open Zoom Workplace on Linux.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. Install version 6.4.13 or later.
5. Restart Zoom Workplace.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict Zoom traffic to trusted networks only

Certificate Pinning

all

Implement certificate pinning at network level if supported

🧯 If You Can't Patch

  • Use Zoom web client instead of desktop application for critical meetings
  • Avoid using Zoom on untrusted or public networks until patched

🔍 How to Verify

Check if Vulnerable:

Check Zoom version in Settings > About. If version is below 6.4.13, system is vulnerable.

Check Version:

zoom --version 2>/dev/null || dpkg -l | grep zoom || rpm -qa | grep -i zoom

Verify Fix Applied:

Confirm Zoom version is 6.4.13 or higher in Settings > About.
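
One way to script the version check above across many hosts, as an added example that is not part of the original page or the Zoom advisory: it compares the installed package version against 6.4.13 with a version-aware sort, so 6.10.0 is not mistaken for an older release. The package name `zoom`, the function names and the `--check` switch are assumptions.

```shell
#!/bin/sh
# Added example: classify a Zoom Workplace for Linux install against the
# fixed version named in the advisory (6.4.13).
FIXED_VERSION="6.4.13"

# version_lt A B: exit 0 only when A is strictly older than B.
# sort -V (GNU coreutils) compares numerically, so 6.10.0 sorts after 6.4.13.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# zoom_status STRING: print vulnerable, patched or unknown.
# Takes the first dotted number in STRING, e.g. "6.4.13.2309" or "6.4.12 (build)".
zoom_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' | sed 's/\.*$//')
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# installed_zoom_version: print the package version from dpkg or rpm.
# Assumption: the package is named "zoom"; change it if yours differs.
installed_zoom_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' zoom 2>/dev/null && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}' zoom 2>/dev/null && return 0
    fi
    return 1
}

# Run the local check only when called as: sh check_zoom.sh --check
if [ "${1:-}" = "--check" ]; then
    v=$(installed_zoom_version) || v=""
    echo "$(hostname): zoom ${v:-not-found} -> $(zoom_status "$v")"
fi
```

A result of `unknown` means no package version was found through dpkg or rpm; confirm the version on that host in Settings > About.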

📡 Detection & Monitoring

Log Indicators:

  • Certificate validation errors in Zoom logs
  • Unexpected certificate authorities in TLS handshakes

Network Indicators:

  • Man-in-the-middle detection alerts
  • Unexpected certificate chains in Zoom traffic

SIEM Query:

source="zoom" AND (certificate_validation_failure OR ssl_error)
