CVE-2025-64741: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Zoom Communications Inc. Zoom Workplace for Android
Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
AI Analysis
Technical Summary
CVE-2025-64741 identifies a critical vulnerability in Zoom Communications Inc.'s Zoom Workplace application for Android, affecting versions before 6.5.10. The root cause is improper authorization handling combined with improper neutralization of special elements in output, categorized as CWE-74, the injection weakness class in which untrusted input is not correctly sanitized before being passed to a downstream component. The flaw allows an unauthenticated attacker with network access to escalate privileges within the application context. The attack vector is network-based (AV:N); it requires no privileges (PR:N) but does require user interaction (UI:R), such as the victim initiating an action that triggers the exploit. The scope is unchanged (S:U); the impact on confidentiality and integrity is high (C:H/I:H), while availability is unaffected (A:N). An attacker could therefore access or manipulate sensitive information or application state without disrupting service availability. Although no exploitation has been observed in the wild, the vulnerability's characteristics make it a significant risk, especially in environments where Zoom Workplace is used extensively on Android devices. The absence of a patch link suggests that the fix is either newly released or pending; users are advised to upgrade to version 6.5.10 or later once it is available. The vulnerability could be leveraged to bypass normal authorization checks, allowing attackers to perform actions or access data beyond their intended permissions, which could lead to data breaches or further compromise of enterprise resources.
Potential Impact
For European organizations, this vulnerability poses a substantial risk due to the widespread use of Zoom Workplace on Android devices, especially in sectors with high remote work adoption such as finance, healthcare, and government. The ability for an unauthenticated attacker to escalate privileges via network access could lead to unauthorized access to sensitive communications, internal documents, and user credentials. This compromises confidentiality and integrity, potentially resulting in data leaks, espionage, or manipulation of corporate communications. The lack of impact on availability means services may continue running, masking the presence of an attacker. Given the high CVSS score and the nature of the vulnerability, organizations could face regulatory repercussions under GDPR if personal data is exposed. The threat is amplified in environments with less stringent network segmentation or where Android devices are used without robust endpoint security controls. Attackers exploiting this flaw could pivot within corporate networks, increasing the risk of lateral movement and further compromise.
Mitigation Recommendations
1. Immediately update Zoom Workplace for Android to version 6.5.10 or later once the patch is available to address the vulnerability.
2. Implement strict network segmentation and firewall rules to limit network access to Zoom Workplace services, especially from untrusted or external networks.
3. Employ mobile device management (MDM) solutions to enforce application updates and restrict installation of unauthorized apps.
4. Monitor network traffic for unusual patterns or unauthorized access attempts targeting Zoom Workplace Android clients.
5. Educate users about the risks of interacting with unsolicited network requests or suspicious links within the Zoom app.
6. Conduct regular security assessments and penetration tests focusing on mobile applications and their network interactions.
7. Utilize endpoint detection and response (EDR) tools capable of identifying anomalous behaviors on Android devices.
8. Coordinate with Zoom Communications for timely vulnerability disclosures and patch management updates.
9. Review and tighten authorization policies within Zoom Workplace configurations to minimize privilege escalation risks.
10. Maintain comprehensive logging and audit trails for Zoom Workplace activities to facilitate incident investigation if exploitation occurs.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Zoom
- Date Reserved: 2025-11-10T19:56:35.266Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6915fe5577eaf5a84960398f
Added to database: 11/13/2025, 3:50:45 PM
Last enriched: 11/20/2025, 4:13:24 PM
Last updated: 2/7/2026, 3:09:52 PM