CVE-2025-30663
HIGHDescription
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
Is your site exposed to CVE-2025-30663?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| zoom | meeting_software_development_kit |
| zoom | meeting_software_development_kit |
| zoom | meeting_software_development_kit |
| zoom | meeting_software_development_kit |
| zoom | meeting_software_development_kit |
| zoom | rooms |
| zoom | rooms |
| zoom | rooms |
| zoom | rooms |
| zoom | rooms_controller |
| zoom | rooms_controller |
| zoom | rooms_controller |
| zoom | rooms_controller |
| zoom | workplace |
| zoom | workplace |
| zoom | workplace_desktop |
| zoom | workplace_desktop |
| zoom | workplace_desktop |
| zoom | workplace_virtual_desktop_infrastructure |
| zoom | workplace_virtual_desktop_infrastructure |
| zoom | workplace_virtual_desktop_infrastructure |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-30663? +
How severe is CVE-2025-30663? +
What products are affected by CVE-2025-30663? +
How do I check if I'm vulnerable to CVE-2025-30663? +
Related Vulnerabilities
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations …
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) …
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition …
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could …
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race …
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at …