CVE-2025-64741 is a vulnerability classified under CWE-74, indicating improper neutralization of special elements in output used by a downstream component, commonly known as an injection flaw. This specific vulnerability affects Zoom Communications Inc.'s Zoom Workplace application for Android devices, versions prior to 6.5.10. The flaw arises from improper authorization handling, which allows an unauthenticated attacker to escalate privileges through network access. The vulnerability does not require the attacker to be authenticated but does require some form of user interaction, likely involving the victim engaging with maliciously crafted network traffic or payloads. The CVSS v3.1 score of 8.1 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The scope is unchanged (S:U), but the impact on confidentiality and integrity is high (C:H/I:H), while availability remains unaffected (A:N). This means an attacker could gain unauthorized access to sensitive information or manipulate data within the Zoom Workplace app, potentially compromising enterprise communications or workflows. No patches or exploits are currently publicly available, but the vulnerability's nature suggests that exploitation could lead to significant security breaches if left unaddressed. The vulnerability was reserved and published in November 2025, indicating recent discovery and disclosure.

The vulnerability poses a significant risk to organizations globally that use Zoom Workplace on Android devices. Successful exploitation could allow attackers to escalate privileges without authentication, leading to unauthorized access to sensitive communications, confidential data, and internal workflows managed through the app. This could result in data breaches, intellectual property theft, and manipulation of organizational communications, undermining trust and operational integrity. Since Zoom Workplace is often used in enterprise environments for collaboration and communication, the impact extends to business continuity and regulatory compliance, especially in sectors handling sensitive or regulated data such as finance, healthcare, and government. The requirement for user interaction slightly reduces the risk but does not eliminate it, as social engineering or malicious network conditions could facilitate exploitation. The lack of known exploits in the wild currently limits immediate widespread impact, but the high CVSS score and nature of the vulnerability warrant urgent remediation to prevent future attacks.

Organizations should immediately verify the version of Zoom Workplace for Android deployed within their environments and upgrade all instances to version 6.5.10 or later, where the vulnerability is addressed. Network-level controls should be implemented to monitor and restrict suspicious traffic patterns that could be used to exploit this vulnerability. Employing mobile device management (MDM) solutions can help enforce application updates and restrict installation of unauthorized apps or versions. User awareness training should emphasize caution when interacting with unexpected network requests or prompts within the app. Additionally, organizations should audit and tighten authorization policies within Zoom Workplace configurations to minimize privilege escalation risks. Continuous monitoring for anomalous activity related to Zoom Workplace usage can help detect exploitation attempts early. Finally, maintaining an incident response plan that includes mobile application vulnerabilities will improve preparedness for potential exploitation scenarios.