Zoom Workplace Apps iOS <6.3.0 Authenticated User DDoS via Network
CVE-2025-0150 Published on March 11, 2025

Zoom Workplace Apps for iOS - Incorrect Behavior Order
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.

NVD

Vulnerability Analysis

CVE-2025-0150 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.


Products Associated with CVE-2025-0150

stack.watch emails you whenever new vulnerabilities are published in Zoom Meeting Software Development Kit or Zoom Workplace. Just hit a watch button to start following.

Zoom Meeting Software Development Kit
 
Zoom Workplace
 

Affected Versions

Zoom Communications, Inc Zoom Workplace Apps for iOS:

Exploit Probability

EPSS
0.06%
Percentile
19.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.