CVE-2025-46788
Published: 10 July 2025
Summary
CVE-2025-46788 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Zoom Workplace Desktop. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 28.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-46788 is an improper certificate validation vulnerability affecting Zoom Workplace for Linux versions prior to 6.4.13. This flaw, classified under CWE-295, enables potential information disclosure through network access due to inadequate verification of certificates during communication. The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with high attack complexity but no requirement for privileges or user interaction.
An attacker with network access to a vulnerable Zoom Workplace for Linux installation could exploit this issue to disclose information. By leveraging the improper certificate validation, an unauthorized user might intercept or manipulate communications, potentially exposing sensitive data and compromising the integrity of sessions without disrupting availability.
Zoom's security bulletin (ZSB-25023) at https://www.zoom.com/en/trust/security-bulletin/zsb-25023/ addresses this vulnerability, recommending an upgrade to Zoom Workplace for Linux version 6.4.13 or later as the primary mitigation to properly enforce certificate validation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21012
Vulnerability details
Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper certificate validation (CWE-295) directly enables an on-path attacker to perform adversary-in-the-middle interception or manipulation of Zoom traffic, matching T1557.
Mitigating Controls (NIST 800-53 r5)
Directly requires cryptographic mechanisms that enforce transmission confidentiality and integrity, which proper certificate validation implements for Zoom network sessions.
Addresses issuance and validation of PKI certificates used to authenticate Zoom endpoints and prevent man-in-the-middle information disclosure.
Requires timely remediation of software flaws such as the improper certificate validation in Zoom Workplace for Linux < 6.4.13.