CVE-2025-64738 is a vulnerability classified under CWE-73 (External Control of File Name or Path) found in Zoom Communications Inc.'s Zoom Workplace application for macOS versions prior to 6.5.10. This flaw allows an authenticated user with local access to manipulate file names or paths used by the application, potentially leading to unauthorized disclosure of information. The vulnerability arises because the application does not properly validate or sanitize file path inputs controlled externally, enabling attackers to influence which files are accessed or disclosed. The CVSS 3.1 base score is 5.0 (medium), reflecting that the attack vector is local (AV:L), requires low attack complexity (AC:L), privileges (PR:L), and user interaction (UI:R). The impact is limited to confidentiality (C:H), with no integrity or availability impact. No public exploits have been reported yet, and no patches are linked, indicating the need for vigilance. The vulnerability could be exploited by malicious insiders or compromised accounts to access sensitive files or data within the local system environment. Given the nature of Zoom Workplace as a collaboration tool, sensitive corporate data could be at risk if exploited. The flaw highlights the importance of secure file handling and path validation in client applications, especially those handling confidential communications and data.

For European organizations, this vulnerability poses a confidentiality risk by enabling authenticated local users to access or disclose sensitive information improperly. Organizations relying on Zoom Workplace for macOS in environments where multiple users share systems or where endpoint security is lax may be particularly vulnerable. The impact is heightened in sectors with strict data protection regulations such as GDPR, where unauthorized data disclosure can lead to compliance violations and financial penalties. Although the vulnerability does not affect integrity or availability, the potential leakage of sensitive corporate or personal data could damage organizational reputation and trust. The requirement for local access and user interaction limits remote exploitation but does not eliminate insider threat risks or risks from compromised accounts. Organizations with macOS-heavy deployments and collaborative workflows using Zoom Workplace are at increased risk, especially if endpoint controls and user privilege management are insufficient.

To mitigate CVE-2025-64738, European organizations should: 1) Immediately restrict local access to systems running Zoom Workplace for macOS to trusted users only, minimizing the risk of exploitation by unauthorized personnel. 2) Implement strict user privilege management to ensure users have only the minimum necessary permissions on local machines. 3) Monitor file system access and application logs for unusual file path manipulations or access patterns indicative of exploitation attempts. 4) Educate users about the risks of interacting with untrusted content or performing actions that could trigger the vulnerability. 5) Once available, promptly apply Zoom Workplace updates or patches addressing this vulnerability. 6) Employ endpoint detection and response (EDR) tools capable of detecting suspicious local file access behaviors. 7) Consider isolating Zoom Workplace usage to dedicated user accounts or virtualized environments to limit lateral movement or data exposure. 8) Review and harden macOS security configurations, including application sandboxing and file system permissions, to reduce attack surface.