CVE-2025-64738
📋 TL;DR
This vulnerability in Zoom Workplace for macOS allows an authenticated user with local access to control file names or paths, potentially leading to information disclosure. It affects macOS users running Zoom Workplace versions before 6.5.10. The attacker must already have authenticated access to the system.
💻 Affected Systems
- Zoom Workplace
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious user could manipulate file paths to access sensitive system files or user data stored outside intended directories, potentially exposing credentials, configuration files, or other confidential information.
Likely Case
An authenticated user with local access could read files they shouldn't normally access by manipulating file paths in Zoom Workplace's operations, leading to unauthorized information disclosure.
If Mitigated
With proper access controls and least privilege principles, the impact is limited as the attacker must already have authenticated access and can only affect files accessible to the Zoom process.
🎯 Exploit Status
Exploitation requires authenticated local access and knowledge of the local file system. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5.10
Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25040
Restart Required: Yes
Instructions:
1. Open Zoom Workplace on macOS.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. If an update to 6.5.10 is available, click 'Update'.
5. Restart Zoom Workplace after the installation completes.
🔧 Temporary Workarounds
Restrict local user access
Limit which users have authenticated access to systems running vulnerable Zoom Workplace versions.
🧯 If You Can't Patch
- Implement strict file system permissions and access controls to limit which files the Zoom process can access
- Monitor for unusual file access patterns from Zoom Workplace process
🔍 How to Verify
Check if Vulnerable:
Check Zoom Workplace version in macOS: Open Zoom Workplace → Click profile picture → About Zoom → Check version number
Check Version:
On macOS terminal: /Applications/zoom.us.app/Contents/MacOS/zoom.us --version
Verify Fix Applied:
Verify that the version is 6.5.10 or higher using the same method as for checking vulnerability.
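As an added example (not part of this advisory), the following POSIX shell check reads the installed version and compares it against 6.5.10. It assumes the app bundle's Info.plist carries the standard CFBundleShortVersionString key, and it defines its own component-wise comparison so that short version strings such as 6.5 are handled correctly.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether an installed
# Zoom Workplace for macOS build is below the fixed version 6.5.10.
# Assumption: /Applications/zoom.us.app/Contents/Info.plist records the
# version under CFBundleShortVersionString (the standard macOS key).

FIXED_VERSION="6.5.10"
ZOOM_PLIST="/Applications/zoom.us.app/Contents/Info.plist"

# Compare dotted numeric versions component by component; missing
# components count as 0. Prints -1, 0 or 1 for a<b, a==b, a>b.
version_cmp() {
    i=1
    while :; do
        # A trailing '.' makes cut return an empty field past the end.
        x=$(printf '%s.' "$1" | cut -d. -f"$i")
        y=$(printf '%s.' "$2" | cut -d. -f"$i")
        [ -z "$x" ] && [ -z "$y" ] && { printf '%s\n' 0; return; }
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && { printf '%s\n' -1; return; }
        [ "$x" -gt "$y" ] && { printf '%s\n' 1; return; }
        i=$((i + 1))
    done
}

# Classify a version string: "vulnerable" if below the fix, else "fixed".
assess_version() {
    if [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]; then
        printf '%s\n' vulnerable
    else
        printf '%s\n' fixed
    fi
}

# Read the installed version from the bundle (macOS only) and assess it.
check_installed_zoom() {
    if [ ! -f "$ZOOM_PLIST" ]; then
        echo "Zoom Workplace not found at $ZOOM_PLIST" >&2
        return 2
    fi
    v=$(defaults read "$ZOOM_PLIST" CFBundleShortVersionString 2>/dev/null) || return 2
    # Keep only the leading dotted-numeric part, e.g. "6.5.10 (123)" -> "6.5.10".
    v=$(printf '%s' "$v" | sed 's/[^0-9.].*//')
    echo "Zoom Workplace $v: $(assess_version "$v")"
}

# The live check only makes sense on macOS; elsewhere just the functions load.
if [ "$(uname)" = Darwin ]; then check_installed_zoom; fi
```

The exit status of check_installed_zoom is 2 when the bundle or version key cannot be read, so the script can be wired into a fleet inventory job.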
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns by Zoom process
- Failed file access attempts outside normal directories
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
process_name:"zoom.us" AND (file_access:* OR file_read:*) AND NOT file_path:"/Applications/zoom.us.app/*"
The field names in this query are illustrative and must be mapped to your SIEM's schema; normal Zoom activity under the user's home directory will also match, so baseline the results before turning the query into an alert.