CVE-2025-30662 is a vulnerability classified under CWE-646, which involves reliance on file names or extensions of externally supplied files. Specifically, the Zoom Workplace VDI Plugin macOS Universal installer versions prior to 6.3.14, 6.4.14, and 6.5.10 contain a flaw where symlink following is improperly handled during installation. This allows an authenticated user with local privileges to manipulate symbolic links to cause the installer to disclose sensitive information over the network. The vulnerability arises because the installer trusts file names or extensions without adequate validation, enabling attackers to redirect file operations through symlinks to unintended locations. Exploitation requires the attacker to be authenticated on the system and to interact with the installer, which limits remote exploitation but still poses a risk in environments where users have elevated privileges or can be socially engineered. The CVSS 3.1 base score of 6.6 reflects a medium severity, with attack vector local, low attack complexity, low privileges required, and user interaction necessary. The impact is high on confidentiality and integrity, with no impact on availability. No known exploits are currently in the wild, but the vulnerability is publicly disclosed and should be addressed promptly. The affected product is used in virtual desktop infrastructure (VDI) setups on macOS, which are common in enterprise environments for remote work and secure access.

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information within virtual desktop infrastructure environments that utilize the Zoom Workplace VDI Plugin on macOS. Given the reliance on VDI solutions for remote work, especially in sectors like finance, healthcare, and government, the exposure of confidential data could result in regulatory non-compliance, reputational damage, and potential financial losses. The requirement for local authentication and user interaction reduces the likelihood of widespread remote exploitation but does not eliminate insider threats or targeted attacks leveraging social engineering. The integrity impact could allow attackers to manipulate installation processes, potentially leading to further compromise or persistence mechanisms. Organizations with macOS-heavy environments and extensive use of Zoom’s VDI solutions are particularly vulnerable. Additionally, the lack of availability impact means systems remain operational but compromised in confidentiality and integrity, which may go unnoticed without proper monitoring.

Organizations should prioritize updating the Zoom Workplace VDI Plugin macOS Universal installer to versions 6.3.14, 6.4.14, or 6.5.10 or later once patches are released. Until patches are available, restrict installer execution to trusted administrators and limit local user privileges to prevent unauthorized installer runs. Implement strict file system permissions to prevent creation or manipulation of symbolic links by non-privileged users. Employ endpoint detection and response (EDR) solutions to monitor for suspicious installer activity and symlink manipulations. Conduct user training to reduce the risk of social engineering attacks that could trigger exploitation. Regularly audit VDI environments for unauthorized changes and ensure network segmentation to limit exposure of sensitive data in case of compromise. Finally, coordinate with Zoom support for any interim mitigations or workarounds and maintain awareness of updates regarding this vulnerability.