{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58131", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2025-08-25T21:15:02.862Z", "datePublished": "2025-09-09T21:48:51.081Z", "dateUpdated": "2025-09-10T19:31:32.177Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon", "vendor": "Zoom Communications, Inc", "versions": [{"lessThan": "see references", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-09-09T12:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: transparent;\">\n\n<b><span style=\"background-color: transparent;\">\n\n<b><span style=\"background-color: transparent;\">\n\n<b><p><span style=\"background-color: transparent;\">Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon </span><span style=\"background-color: rgb(255, 255, 255);\">before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks)</span><span style=\"background-color: transparent;\"> may allow an authenticated user to conduct a disclosure of information via network access.</span></p></b><br>\n\n</span></b>\n\n</span></b>\n\n<br></span>"}], "value": "Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-09-09T21:48:51.081Z"}, "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25037"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-10T19:31:16.172495Z", "id": "CVE-2025-58131", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T19:31:32.177Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58131", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-10T19:31:16.172495Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T19:31:28.865Z"}}], "cna": {"title": "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications, Inc", "product": "Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon", "versions": [{"status": "affected", "version": "0", "lessThan": "see references", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-09-09T12:01:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25037"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: transparent;\">\n\n<b><span style=\"background-color: transparent;\">\n\n<b><span style=\"background-color: transparent;\">\n\n<b><p><span style=\"background-color: transparent;\">Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon </span><span style=\"background-color: rgb(255, 255, 255);\">before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks)</span><span style=\"background-color: transparent;\"> may allow an authenticated user to conduct a disclosure of information via network access.</span></p></b><br>\n\n</span></b>\n\n</span></b>\n\n<br></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-09-09T21:48:51.081Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58131", "state": "PUBLISHED", "dateUpdated": "2025-09-10T19:31:32.177Z", "dateReserved": "2025-08-25T21:15:02.862Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2025-09-09T21:48:51.081Z", "assignerShortName": "Zoom"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access."}], "id": "CVE-2025-58131", "lastModified": "2025-09-11T17:14:10.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2025-09-09T22:15:33.770", "references": [{"source": "security@zoom.us", "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25037"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "security@zoom.us", "type": "Secondary"}]}

{}