CVE-2025-30669: 
Zoom VDI Client vulnerability analysis and mitigation

Improper certificate validation in certain Zoom Clients (CVE-2025-30669) was discovered, affecting multiple Zoom products including Zoom Workplace for Windows and Linux before version 6.5.10, Zoom Workplace VDI Client for Windows before versions 6.3.14, 6.4.12 and 6.5.10, and Zoom Meeting SDK for Windows and Linux before version 6.5.10. The vulnerability was reported by shmoul and disclosed on November 11, 2025 (Zoom Security).

The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium severity) with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires adjacent network access, has high attack complexity, needs no privileges, requires user interaction, and can potentially lead to high confidentiality impact without affecting integrity or availability (Zoom Security).

The vulnerability allows an unauthenticated user to conduct a disclosure of information via adjacent access. The impact is primarily focused on confidentiality, with potential exposure of sensitive information (Zoom Security).

Users are advised to apply the latest updates available at https://zoom.us/download to protect against this vulnerability. The issue has been fixed in Zoom Workplace version 6.5.10 and later versions for both Windows and Linux platforms, as well as in specific versions of the VDI Client and Meeting SDK (Zoom Security).