CVE-2025-64738: CWE-73: External Control of File Name or Path in Zoom Communications Inc. Zoom Workplace for macOS
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.
AI Analysis
Technical Summary
CVE-2025-64738 is a vulnerability classified under CWE-73 (External Control of File Name or Path) found in Zoom Communications Inc.'s Zoom Workplace application for macOS versions before 6.5.10. This flaw allows an authenticated user with local access to manipulate file names or paths used by the application, potentially leading to unauthorized disclosure of sensitive information stored or processed by the software. The vulnerability does not require elevated privileges beyond authentication, but it does require user interaction, indicating that exploitation might involve tricking a user into performing certain actions within the application. The CVSS v3.1 score is 5.0 (medium severity), reflecting a high impact on confidentiality but no impact on integrity or availability. The attack vector is local (AV:L), with low attack complexity (AC:L), and privileges required are low (PR:L). The vulnerability scope is unchanged (S:U), meaning the exploit affects only the vulnerable component. No patches or exploits are currently publicly available, but the vendor has acknowledged and published the vulnerability. This issue could allow attackers to access sensitive files or data paths by controlling file names or paths externally, which could lead to information leakage within environments where Zoom Workplace is used on macOS systems.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to confidentiality, as sensitive information could be disclosed to unauthorized users with local access. Organizations with macOS endpoints running Zoom Workplace are at risk, especially in environments where multiple users share devices or where endpoint security is lax. The impact is heightened in sectors handling sensitive or regulated data, such as finance, healthcare, and government institutions. Since the vulnerability requires local authenticated access and user interaction, remote exploitation is unlikely, but insider threats or compromised endpoints could leverage this flaw. The lack of impact on integrity and availability reduces the risk of disruption but does not diminish the potential for data breaches. Given Zoom's widespread use across Europe, particularly in corporate and educational sectors, the vulnerability could affect a broad range of organizations if not mitigated promptly.
Mitigation Recommendations
Organizations should immediately verify the version of Zoom Workplace for macOS deployed and plan to upgrade to version 6.5.10 or later once available. Until a patch is released, restrict local access to macOS devices running Zoom Workplace to trusted users only, employing strict endpoint access controls and user account management. Implement application whitelisting and monitor for unusual file access patterns related to Zoom Workplace directories. Educate users about the risk of interacting with suspicious prompts or files within Zoom Workplace. Employ endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts. Regularly audit local user permissions and remove unnecessary privileges to minimize the risk of exploitation. Additionally, maintain up-to-date backups and ensure that sensitive data is encrypted at rest to reduce the impact of potential information disclosure.
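The version check recommended above can be scripted. The following is an added example, not code from Zoom or from this page; it assumes the client bundle lives at /Applications/zoom.us.app and uses a constructed inventory with hypothetical host names.

```sh
#!/bin/sh
# Added example: flag Zoom Workplace for macOS installs that are older than
# the fixed release named in the advisory (6.5.10).
FIXED_VERSION="6.5.10"
# Assumption: default bundle path of the Zoom client; override via ZOOM_APP.
ZOOM_APP="${ZOOM_APP:-/Applications/zoom.us.app}"

# Return 0 if dotted version $1 is lower than $2. The first three fields are
# compared numerically, so 6.10.0 is correctly treated as newer than 6.5.10.
version_lt() {
    awk -v a="${1%% *}" -v b="${2%% *}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify one version string: prints "vulnerable", "fixed" or "unknown".
# A trailing build suffix such as "6.4.12 (53970)" is tolerated.
classify_zoom_version() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){1,3}( .*)?$'; then
        echo unknown
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Read the version of the locally installed client (macOS only).
local_zoom_version() {
    [ -d "$ZOOM_APP" ] || return 1
    defaults read "$ZOOM_APP/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# Constructed inventory export, one "<host> <version>" pair per line.
SAMPLE_INVENTORY='mac-001 6.5.9
mac-002 6.5.10
mac-003 6.4.12 (53970)
mac-004 6.10.0
mac-005 n/a'

# Print the hosts from an inventory that still run a pre-6.5.10 client.
hosts_needing_update() {
    printf '%s\n' "$1" | while read -r host version; do
        if [ "$(classify_zoom_version "$version")" = vulnerable ]; then
            echo "$host"
        fi
    done
}

hosts_needing_update "$SAMPLE_INVENTORY"
if v=$(local_zoom_version); then echo "local: $v -> $(classify_zoom_version "$v")"; fi
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.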
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: Zoom
- Date Reserved: 2025-11-10T19:56:35.266Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6915ee5ff690f81e3c76b572
Added to database: 11/13/2025, 2:42:39 PM
Last enriched: 11/20/2025, 3:05:26 PM
Last updated: 12/29/2025, 8:23:10 AM
Related Threats
- CVE-2025-15170: Cross Site Scripting in Advaya Softech GEMS ERP Portal (Medium)
- CVE-2025-15178: Stack-based Buffer Overflow in Tenda WH450 (High)
- CVE-2025-15228: CWE-434 Unrestricted Upload of File with Dangerous Type in WELLTEND TECHNOLOGY BPMFlowWebkit (Critical)
- CVE-2025-15227: CWE-36 Absolute Path Traversal in WELLTEND TECHNOLOGY BPMFlowWebkit (High)
- CVE-2025-15226: CWE-434 Unrestricted Upload of File with Dangerous Type in Sunnet WMPro (Critical)