CVE-2024-45418
Published: 25 February 2025
Summary
CVE-2024-45418 is a medium-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in the macOS installer of the Zoom Meeting Software Development Kit and some other Zoom apps for macOS. Its CVSS v3.1 base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked in the top 43.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-45418 is a symlink-following flaw in the installer for some Zoom apps for macOS before version 6.1.5. It is classified under CWE-61 (UNIX Symbolic Link (Symlink) Following) and the broader CWE-59 (Improper Link Resolution Before File Access), carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N), and was published on 2025-02-25.
Per the vector, an authenticated user with low privileges (PR:L) can exploit the issue during the installation process with low attack complexity (AC:L), but only with user interaction (UI:R): someone has to run the installer. Bugs of this class are typically exploited by a low-privileged local user who pre-plants a symbolic link at a path the privileged installer later creates or writes, so that the installer's write lands on a file the user could not otherwise modify. The advisory's phrase "via network access" mirrors the AV:N metric; the underlying defect is a file-system link-resolution problem, so treat that wording as the vector's framing rather than as evidence of a remotely reachable service. Successful exploitation yields escalation of privilege; the scope change (S:C) reflects that the impact crosses from the installer into the rest of the system, with limited impact on confidentiality and integrity (C:L/I:L) and none on availability (A:N).
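To make the bug class concrete, the following is an added Python example, not Zoom's code and not derived from the affected installer. It shows the vulnerable write pattern (a privileged process opening a predictable path that an attacker has replaced with a symlink) beside a hardened one that refuses to follow links. The staging directory, the protected file and the "installer.log" name are hypothetical; both the attacker and installer roles are simulated in a temporary directory.

```python
import os
import stat
import tempfile


def installer_write_follows_links(target: str, payload: bytes) -> None:
    """Vulnerable pattern: a plain open() resolves any symlink at `target`,
    so a link planted by a low-privileged user redirects the privileged write."""
    with open(target, "wb") as fh:
        fh.write(payload)


def installer_write_hardened(target: str, payload: bytes) -> None:
    """Hardened pattern: O_NOFOLLOW makes open() fail (ELOOP) if the final
    path component is a symlink, and fstat() confirms the descriptor refers
    to a regular file. This only protects the last component; directory
    symlinks higher up the path still need per-component checks or a
    private, root-owned staging directory."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(target, flags, 0o644)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError("refusing to write: target is not a regular file")
        os.write(fd, payload)
    finally:
        os.close(fd)


def simulate_attack() -> dict:
    """Plays both roles in a temp dir: the attacker plants a symlink in a
    shared staging directory, then the installer writes its log there."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected_file")  # hypothetical root-only file
        staging = os.path.join(root, "shared_staging")    # hypothetical world-writable dir
        os.mkdir(staging)
        with open(protected, "wb") as fh:
            fh.write(b"original contents")

        # Attacker step: pre-plant a symlink where the installer will write.
        planted = os.path.join(staging, "installer.log")
        os.symlink(protected, planted)

        # Vulnerable installer follows the link and clobbers the protected file.
        installer_write_follows_links(planted, b"attacker-controlled data")
        with open(protected, "rb") as fh:
            after_vulnerable = fh.read()

        # Reset the protected file and retry with the hardened writer.
        with open(protected, "wb") as fh:
            fh.write(b"original contents")
        try:
            installer_write_hardened(planted, b"attacker-controlled data")
            hardened_refused = False
        except OSError:
            hardened_refused = True
        with open(protected, "rb") as fh:
            after_hardened = fh.read()

        return {
            "after_vulnerable": after_vulnerable,
            "hardened_refused": hardened_refused,
            "after_hardened": after_hardened,
        }


if __name__ == "__main__":
    print(simulate_attack())
```

Run it and the dictionary shows the vulnerable writer overwriting the protected file while the hardened writer raises and leaves it intact. In a real installer the same idea applies to every file the privileged step touches, including temporary files, logs and extracted payloads.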
Zoom's security bulletin at https://www.zoom.com/en/trust/security-bulletin/zsb-24040/ addresses the vulnerability, recommending an update to version 6.1.5 or later as the primary mitigation.
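For fleet checks against the 6.1.5 threshold, here is an added Python example (not Zoom's tooling) that reads a macOS bundle's Info.plist and compares CFBundleShortVersionString against the first fixed version using tuple comparison, so that 6.1.10 is correctly treated as newer than 6.1.5. The embedded Info.plist is constructed for the demo, and the "/Applications/zoom.us.app" path at the bottom is an assumed install location; apps that embed the Meeting SDK ship it inside their own bundle, so point the check at the host app for those.

```python
import os
import plistlib
from typing import Dict, Tuple

FIXED_VERSION: Tuple[int, ...] = (6, 1, 5)  # first fixed release per ZSB-24040


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.1.4 (39163)' or '6.1.4' into (6, 1, 4); a build number in
    parentheses is dropped because the advisory keys on the marketing version."""
    core = text.strip().split()[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(version_text: str) -> bool:
    """True when the version is below 6.1.5. Tuple comparison avoids the
    string-comparison trap where '6.1.10' sorts before '6.1.5'."""
    return parse_version(version_text) < FIXED_VERSION


def version_from_info_plist(plist_bytes: bytes) -> str:
    """Extract CFBundleShortVersionString, the key macOS bundles use for the
    user-visible version."""
    return plistlib.loads(plist_bytes)["CFBundleShortVersionString"]


def check_bundle(app_path: str) -> Dict[str, object]:
    """Read <app>/Contents/Info.plist from disk and report a verdict.
    `app_path` is assumed to be a .app bundle directory."""
    plist_path = os.path.join(app_path, "Contents", "Info.plist")
    with open(plist_path, "rb") as fh:
        version = version_from_info_plist(fh.read())
    return {"path": app_path, "version": version, "vulnerable": is_vulnerable(version)}


# Constructed sample Info.plist (not captured from a real Zoom install).
SAMPLE_PLIST: bytes = plistlib.dumps({
    "CFBundleShortVersionString": "6.1.4 (39163)",
    "CFBundleName": "ExampleZoomHost",
})


def check_sample() -> Dict[str, object]:
    """Same verdict logic run over the embedded sample so it works offline."""
    version = version_from_info_plist(SAMPLE_PLIST)
    return {"version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    print(check_sample())
    candidate = "/Applications/zoom.us.app"  # assumed install path; adjust per fleet
    if os.path.isdir(candidate):
        print(check_bundle(candidate))
```

The version string is all this check needs because the fix is a version bump rather than a configuration change; a device-management inventory that already exports CFBundleShortVersionString can feed is_vulnerable() directly.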
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53926
Vulnerability details
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
- CWE(s): CWE-61 (UNIX Symbolic Link (Symlink) Following), CWE-59 (Improper Link Resolution Before File Access)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
The symlink-following flaw in the macOS installer lets a low-privileged local user gain higher privileges by abusing improper link resolution (CWE-59/61), which is the behaviour T1068 describes: exploiting a software flaw to move from a lower to a higher privilege level.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely remediation of the symlink-following flaw in the Zoom installer by applying the vendor update to version 6.1.5 or later.
- CM-11 (User-installed Software): prohibits or controls user-installed software, so an ordinary user cannot run a vulnerable Zoom installer to gain privileges via symlink following.
- Input validation: enforces validation of file paths before file access so the installer does not resolve a planted symlink (CWE-59/61) during the installation process.