
CVE-2022-28764: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Zoom Video Communications Inc Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)

Severity: Low
Tags: Vulnerability, CVE-2022-28764, CVE, CWE-200
Published: Mon Nov 14 2022 (11/14/2022, 20:17:59 UTC)
Source: CVE
Vendor/Project: Zoom Video Communications Inc
Product: Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)

Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

AI-Powered Analysis

Last updated: 06/25/2025, 02:35:51 UTC

Technical Analysis

CVE-2022-28764 is a local information exposure vulnerability affecting the Zoom Client for Meetings across multiple platforms including Android, iOS, Linux, macOS, and Windows. The vulnerability arises due to the Zoom client failing to properly clear sensitive meeting data stored in a local SQL database after a meeting ends. Additionally, the encryption protecting this database relies on a per-device key that is insufficiently secure. As a result, a local malicious user with access to the same device user account can extract sensitive meeting information, such as in-meeting chat logs from the previous meeting attended. This vulnerability does not require user interaction to exploit but does require local access with limited privileges (local privilege required). The vulnerability impacts confidentiality only, with no impact on integrity or availability. The CVSS v3.1 base score is 3.3, reflecting a low severity rating. No known exploits in the wild have been reported. The issue affects all versions of the Zoom client prior to version 5.12.6, which presumably contains the fix. The root cause is a combination of improper data sanitization post-meeting and weak encryption key management for local data storage. This vulnerability is classified under CWE-200, which pertains to exposure of sensitive information to unauthorized actors. Since the vulnerability requires local access and privileges, it is primarily a concern in multi-user environments or shared devices where an attacker can gain access to the victim’s user account or device session. The risk is mitigated if devices are single-user or properly secured against unauthorized local access. However, in enterprise or shared workstation environments, this vulnerability could lead to leakage of confidential meeting content and chat history to unauthorized local users.

Potential Impact

For European organizations, the primary impact of this vulnerability is the potential unauthorized disclosure of sensitive meeting information, including chat messages, to local attackers who have access to the same device user account. This could lead to leakage of confidential business discussions, strategic plans, or personal data shared during meetings. Although the vulnerability does not allow remote exploitation, the risk is significant in environments where devices are shared, such as hot-desking offices, public terminals, or multi-user systems. The exposure of meeting chat logs could violate data protection regulations such as the GDPR if personal or sensitive data is disclosed. This could result in reputational damage, regulatory fines, and loss of trust. Additionally, the confidentiality breach could aid industrial espionage or insider threats by revealing sensitive communications. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. However, the confidentiality impact is non-negligible in sectors handling sensitive information, including finance, healthcare, government, and critical infrastructure. Organizations with strict compliance requirements or those conducting confidential negotiations over Zoom should prioritize addressing this vulnerability. The risk is lower for organizations enforcing strict device access controls and endpoint security but remains relevant where local access controls are weaker or devices are shared.

Mitigation Recommendations

1. Upgrade all Zoom Client for Meetings installations to version 5.12.6 or later, where this vulnerability has been addressed by properly clearing meeting data and strengthening encryption of local databases.
2. Implement strict local device access controls to prevent unauthorized users from accessing other users' accounts or sessions. This includes enforcing strong user authentication, session locking, and limiting shared device usage.
3. Employ endpoint security solutions that monitor and restrict unauthorized access to application data stores and local databases.
4. For environments with shared devices, consider using virtual desktop infrastructure (VDI) or containerized application sessions to isolate user data and prevent cross-user data leakage.
5. Educate users about the risks of leaving devices unattended or logged in, especially in shared or public environments.
6. Regularly audit and monitor local file system access to detect suspicious attempts to access Zoom data files.
7. If upgrading is not immediately possible, consider disabling local chat logging or clearing chat histories manually after meetings as a temporary workaround.
8. Review and update organizational policies regarding device sharing and endpoint security to reduce the risk of local privilege abuse.

These mitigations go beyond generic advice by focusing on local access controls, endpoint monitoring, and operational practices tailored to the nature of this vulnerability.
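Recommendation 1 hinges on knowing which installed clients are still below the fixed version. The following is an added example (not Zoom's or this advisory's own code) that triages a constructed "hostname,version" inventory export against 5.12.6; the inventory format and the hostnames are assumptions, and Zoom's four-component build strings are compared on their first three components only.

```python
"""Flag Zoom Client for Meetings installs older than the fixed version 5.12.6.

Added example, not Zoom's or the advisory's own code. Assumes an inventory
export of "hostname,version" lines; the sample lines below are constructed.
"""
import re
from typing import List, Tuple

# First version the advisory names as fixed for CVE-2022-28764.
FIXED_VERSION = (5, 12, 6)

# Constructed sample inventory (assumed format: hostname,zoom_version).
SAMPLE_INVENTORY = """\
ws-fin-01,5.11.9.1232
ws-fin-02,5.12.6
ws-hr-03,5.12.5.10137
ws-lab-04,5.13.0
ws-bad-05,not-installed
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the first three numeric dotted components of a version string.

    Zoom builds often carry a fourth build number (e.g. 5.12.5.10137);
    only major.minor.patch is compared against the fix version.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the client is older than 5.12.6, i.e. affected by CVE-2022-28764."""
    return parse_version(version) < FIXED_VERSION


def triage_inventory(csv_text: str) -> List[Tuple[str, str, str]]:
    """Classify each host as 'vulnerable', 'fixed' or 'unknown' (unparseable)."""
    results = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        try:
            status = "vulnerable" if is_vulnerable(version) else "fixed"
        except ValueError:
            status = "unknown"  # surface it rather than silently treating it as fixed
        results.append((host, version, status))
    return results


if __name__ == "__main__":
    for host, version, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:12} {version:16} {status}")
```

Hosts reported as "unknown" need manual follow-up; an unparseable version string should never be counted as patched.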


Technical Details

Data Version: 5.1
Assigner Short Name: Zoom
Date Reserved: 2022-04-06T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983cc4522896dcbee8c6

Added to database: 5/21/2025, 9:09:16 AM

Last enriched: 6/25/2025, 2:35:51 AM

Last updated: 8/15/2025, 10:16:43 PM
