CVE-2025-30662 is a vulnerability identified in the Zoom Workplace VDI Plugin macOS Universal installer prior to versions 6.3.14, 6.4.14, and 6.5.10. The root cause is a CWE-646 weakness, which involves reliance on file names or extensions of externally supplied files during the installation process. Specifically, the installer improperly follows symbolic links (symlinks) without adequate validation, allowing an authenticated user to manipulate the installation process to disclose sensitive information over the network. This vulnerability requires the attacker to have some level of authentication and user interaction, but the access complexity is low once these conditions are met. The CVSS v3.1 base score is 6.6, reflecting a medium severity with high impact on confidentiality and integrity but no impact on availability. The flaw could allow attackers to access or modify sensitive installation files or configuration data, potentially leading to further compromise or leakage of confidential information. No public exploits have been reported yet, but the vulnerability is publicly disclosed and should be addressed promptly. The issue affects multiple release tracks of the Zoom Workplace VDI Plugin for macOS, emphasizing the need for coordinated patch management across different deployment environments.

The vulnerability poses a significant risk to organizations using the affected Zoom Workplace VDI Plugin on macOS systems. Exploitation could lead to unauthorized disclosure of sensitive information, including installation configuration files or credentials, which can undermine the confidentiality and integrity of the affected systems. This may facilitate further attacks such as privilege escalation, lateral movement, or targeted espionage within corporate networks. Since the vulnerability requires authentication and user interaction, the attack surface is somewhat limited; however, in environments with many users and frequent plugin installations or updates, the risk increases. The lack of availability impact means systems remain operational, but the breach of confidentiality and integrity can cause reputational damage, regulatory compliance issues, and financial losses. Organizations relying on Zoom for virtual desktop infrastructure should consider this vulnerability a priority for remediation to maintain secure communication and collaboration environments.

Organizations should immediately verify their Zoom Workplace VDI Plugin macOS Universal installer versions and plan to upgrade to versions 6.3.14, 6.4.14, or 6.5.10 or later once patches are released. Until patches are available, restrict access to the installer and limit installation privileges to trusted administrators only. Implement strict file system permissions and monitoring to detect unauthorized symlink creation or manipulation. Employ network segmentation to limit exposure of sensitive installation files and use endpoint security solutions capable of detecting suspicious file system activities. Educate users about the risks of interacting with untrusted files or installers and enforce multi-factor authentication to reduce the risk of unauthorized access. Regularly audit and review installation logs and network traffic for anomalies that may indicate exploitation attempts. Coordinate with Zoom support and subscribe to official advisories to receive timely updates on patches and mitigation guidance.