CVE-2025-64741 identifies a critical security vulnerability in Zoom Communications Inc.'s Zoom Workplace application for Android devices, specifically in versions prior to 6.5.10. The root cause is improper authorization handling combined with improper neutralization of special elements in output used by downstream components, classified under CWE-74 (Injection). This vulnerability allows an unauthenticated attacker to exploit injection flaws via network access to escalate privileges within the application environment. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and does not require any privileges (PR:N), but does require user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality and integrity is high (C:H/I:H), while availability remains unaffected (A:N). This means an attacker can potentially gain unauthorized access to sensitive information or manipulate data integrity without disrupting service availability. Although no exploits have been reported in the wild yet, the vulnerability's characteristics make it a significant risk, especially in environments where Zoom Workplace is used extensively on Android devices. The vulnerability highlights the importance of proper input validation and authorization checks in mobile applications, particularly those handling sensitive communications and collaboration data.

For European organizations, this vulnerability poses a substantial risk to the confidentiality and integrity of communications and data handled via Zoom Workplace on Android devices. An attacker exploiting this flaw could escalate privileges without authentication, potentially gaining unauthorized access to sensitive corporate information or manipulating data within the app. This could lead to data breaches, intellectual property theft, or manipulation of corporate communications. The impact is particularly critical for sectors relying heavily on secure remote collaboration, such as finance, healthcare, government, and critical infrastructure. The lack of availability impact means services may continue running, potentially masking the presence of an attacker. Given the widespread use of Zoom in Europe, especially in countries with large mobile workforces, the vulnerability could facilitate targeted attacks or lateral movement within networks if exploited. The absence of known exploits currently provides a window for proactive mitigation, but the high CVSS score underscores the urgency.

1. Immediate update of Zoom Workplace for Android to version 6.5.10 or later, where the vulnerability is patched. 2. Implement strict network access controls and monitoring to detect and block suspicious traffic targeting Zoom Workplace applications. 3. Employ mobile device management (MDM) solutions to enforce application updates and restrict installation of vulnerable app versions. 4. Conduct regular security awareness training for users to recognize and avoid suspicious interactions that could trigger the vulnerability. 5. Use endpoint detection and response (EDR) tools to monitor for unusual privilege escalation behaviors on Android devices. 6. Collaborate with IT and security teams to audit and limit permissions granted to Zoom Workplace, minimizing potential attack surface. 7. Maintain up-to-date threat intelligence feeds to quickly respond if exploits emerge in the wild. 8. Consider network segmentation to isolate mobile devices running Zoom Workplace from critical backend systems to reduce lateral movement risk.