CVE-2025-0150 - Vulnerability Details - OpenCVE

Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Zoom	Meeting Software Development Kit Workplace

Configuration 1 [-]

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:workplace::::::iphone_os::*

No data.

References

Link	Providers
https://www.zoom.com/en/trust/security-bulletin/zsb-25009/

History

Fri, 01 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zoom Zoom meeting Software Development Kit Zoom workplace
CPEs		cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::* cpe:2.3:a:zoom:workplace::::::iphone_os::*
Vendors & Products		Zoom Zoom meeting Software Development Kit Zoom workplace

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00051}`	epss `{'score': 0.00124}`

Tue, 11 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 11 Mar 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.
Title		Zoom Workplace Apps for iOS - Incorrect Behavior Order
Weaknesses		CWE-696
References		https://www.zoom.com/en/trust/security-bulletin/zsb-25009/
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2025-03-11T17:06:43.951Z

Updated: 2025-03-11T18:47:03.336Z

Reserved: 2024-12-23T21:42:59.174Z

Link: CVE-2025-0150

Vulnrichment

Updated: 2025-03-11T18:46:58.752Z

NVD

Status : Analyzed

Published: 2025-03-11T18:15:29.800

Modified: 2025-08-01T14:33:10.597

Link: CVE-2025-0150

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0150", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2024-12-23T21:42:59.174Z", "datePublished": "2025-03-11T17:06:43.951Z", "dateUpdated": "2025-03-11T18:47:03.336Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["iOS"], "product": "Zoom Workplace Apps for iOS", "vendor": "Zoom Communications, Inc", "versions": [{"lessThan": "6.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-03-11T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.<br><br>"}], "value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-696", "description": "CWE-696: Incorrect Behavior Order", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-03-11T17:06:43.951Z"}, "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009/"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoom Workplace Apps for iOS - Incorrect Behavior Order", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T18:46:54.754347Z", "id": "CVE-2025-0150", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T18:47:03.336Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0150", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-11T18:46:54.754347Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T18:46:58.752Z"}}], "cna": {"title": "Zoom Workplace Apps for iOS - Incorrect Behavior Order", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications, Inc", "product": "Zoom Workplace Apps for iOS", "versions": [{"status": "affected", "version": "0", "lessThan": "6.3.0", "versionType": "custom"}], "platforms": ["iOS"], "defaultStatus": "unaffected"}], "datePublic": "2025-03-11T12:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.", "supportingMedia": [{"type": "text/html", "value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.<br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-696", "description": "CWE-696: Incorrect Behavior Order"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-03-11T17:06:43.951Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0150", "state": "PUBLISHED", "dateUpdated": "2025-03-11T18:47:03.336Z", "dateReserved": "2024-12-23T21:42:59.174Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2025-03-11T17:06:43.951Z", "assignerShortName": "Zoom"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "FE1DAB56-3382-4E45-9D61-7E276557D71E", "versionEndExcluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "4D7BED23-44F1-44C6-B49F-BBD05659D671", "versionEndExcluding": "6.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access."}, {"lang": "es", "value": "El orden de comportamiento incorrecto en algunas aplicaciones de Zoom Workplace para iOS anteriores a la versi\u00f3n 6.3.0 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."}], "id": "CVE-2025-0150", "lastModified": "2025-08-01T14:33:10.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-03-11T18:15:29.800", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-696"}], "source": "[email protected]", "type": "Secondary"}]}