{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58131", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2025-08-25T21:15:02.862Z", "datePublished": "2025-09-09T21:48:51.081Z", "dateUpdated": "2025-09-09T21:48:51.081Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon", "vendor": "Zoom Communications, Inc", "versions": [{"lessThan": "see references", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-09-09T12:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: transparent;\">\n\n<b><span style=\"background-color: transparent;\">\n\n<b><span style=\"background-color: transparent;\">\n\n<b><p><span style=\"background-color: transparent;\">Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon </span><span style=\"background-color: rgb(255, 255, 255);\">before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks)</span><span style=\"background-color: transparent;\"> may allow an authenticated user to conduct a disclosure of information via network access.</span></p></b><br>\n\n</span></b>\n\n</span></b>\n\n<br></span>"}], "value": "Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-09-09T21:48:51.081Z"}, "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25037"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access."}], "id": "CVE-2025-58131", "lastModified": "2025-09-09T22:15:33.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2025-09-09T22:15:33.770", "references": [{"source": "security@zoom.us", "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25037"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "security@zoom.us", "type": "Secondary"}]}

{}

{}