CVE-2025-0150
Published: 11 March 2025
Summary
CVE-2025-0150 is a high-severity Incorrect Behavior Order (CWE-696) vulnerability in Zoom Meeting Software Development Kit. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 35.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates CVE-2025-0150 by requiring timely remediation: patching the vulnerable Zoom Workplace iOS app to version 6.3.0 or later.
- Implements denial-of-service protections at network boundaries to counter the high availability impact of authenticated, network-based exploitation.
- Establishes access controls and usage restrictions for mobile devices running vulnerable iOS apps, limiting the ability of low-privilege authenticated users to trigger the flaw over the network.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote exploitation of the Zoom iOS app that results in denial of service through incorrect behavior order, which maps directly to Application or System Exploitation (T1499.004) under Endpoint Denial of Service.
NVD Description
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.
Deeper analysis
CVE-2025-0150 involves incorrect behavior order, classified under CWE-696, affecting Zoom Workplace Apps for iOS in versions before 6.3.0. This flaw enables an authenticated user to trigger a denial-of-service condition through network access. The vulnerability carries a CVSS v3.1 base score of 7.1, reflecting network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), no integrity impact (I:N), and high availability impact (A:H).
An authenticated user with low privileges can exploit this vulnerability remotely over the network, requiring minimal complexity and no user interaction on the target. Exploitation leads primarily to a denial-of-service, severely disrupting availability, alongside limited confidentiality exposure but without affecting integrity.
The Zoom security bulletin ZSB-25009, available at https://www.zoom.com/en/trust/security-bulletin/zsb-25009/, addresses this issue, with the vulnerability resolved in Zoom Workplace Apps for iOS version 6.3.0 and later.
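The practical remediation check (SI-2) is to find devices still running a Zoom Workplace iOS build older than 6.3.0. The following is an added example, not code from Zoom or this advisory: it scans a constructed, hypothetical MDM inventory export and compares versions numerically rather than as strings, so that builds such as 6.10.x are not misjudged as older than 6.3.0. The CSV layout and the bundle identifier are assumptions; adapt them to your MDM's export.

```python
"""Flag inventory entries running a Zoom Workplace iOS build older than 6.3.0,
the fixed version named in ZSB-25009 for CVE-2025-0150.
Added example; the inventory format is a constructed, hypothetical MDM CSV export."""
import csv
import io
from typing import List, Tuple

FIXED_VERSION = (6, 3, 0)
# Bundle identifier assumed for illustration; match it to your MDM's app inventory field.
ZOOM_IOS_BUNDLE = "us.zoom.videomeetings"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.3.0' or '6.10.1 (12345)' into an integer tuple so that
    6.10.x sorts after 6.3.x (a plain string compare gets this wrong)."""
    core = text.strip().split(" ")[0].split("(")[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the reported build is older than the fixed 6.3.0 release.
    Short strings like '6.3' are padded with zeros before comparison."""
    padded = (parse_version(version) + (0, 0, 0))[:3]
    return padded < FIXED_VERSION


def find_unpatched(inventory_csv: str) -> List[Tuple[str, str]]:
    """Return (device_id, version) for Zoom iOS installs below 6.3.0.
    Android rows and other apps are skipped: this CVE concerns the iOS app only."""
    flagged = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["platform"] != "iOS" or row["bundle_id"] != ZOOM_IOS_BUNDLE:
            continue
        if is_vulnerable(row["version"]):
            flagged.append((row["device_id"], row["version"]))
    return flagged


# Constructed sample export (not real device data).
SAMPLE_INVENTORY = """device_id,platform,bundle_id,version
ipad-001,iOS,us.zoom.videomeetings,6.2.11
iphone-002,iOS,us.zoom.videomeetings,6.3.0
iphone-003,iOS,us.zoom.videomeetings,6.10.2
android-004,Android,us.zoom.videomeetings,6.2.5
iphone-005,iOS,com.example.other,1.0
"""

if __name__ == "__main__":
    for device, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{device}: Zoom {version} is below 6.3.0, schedule the update (SI-2)")
```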
Details
- CWE(s)