CVE-2025-64741

Severity: 8.1 HIGH

📋 TL;DR

An improper authorization flaw in Zoom Workplace for Android lets an unauthenticated attacker with network access to the device escalate privileges within the app. Every Android install running a version before 6.5.10 is affected; a successful attacker could reach app functions that should require authorization. The vendor bulletin publishes no further technical detail.

💻 Affected Systems

Products:
  • Zoom Workplace for Android
Versions: All versions before 6.5.10
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Android build of Zoom Workplace is listed as affected. The attack is network-based and needs no prior authentication to the app.

📦 What is this software?

Zoom Workplace is Zoom's combined client for meetings, team chat, phone and whiteboard. The Android build is distributed through Google Play and is commonly managed on corporate devices through an MDM.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Zoom Workplace app data and functionality, potentially accessing sensitive meeting information, contacts, or device resources.

🟠

Likely Case

Unauthorized access to app features or data that should require authentication, potentially exposing user information or enabling further attacks.

🟢

If Mitigated

Devices already on 6.5.10 or later are not affected. Where the update cannot be applied yet, network access controls reduce the number of attackers that can reach a vulnerable device, but do not remove the flaw.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known at the time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The assigned weakness is CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, i.e. injection). Read together with the vendor's description, this points at crafted network input reaching a component that then performs an action the sender was not authorized for; the advisory itself gives no detail on the affected component or request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.10

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-25043

Restart Required: Yes

Instructions:

1. Open the Google Play Store on the device
2. Search for Zoom Workplace
3. Update to version 6.5.10 or later
4. Restart the app

On managed fleets, push the update (or set a minimum app version) through the MDM instead of relying on users and Play Store auto-update.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict network access to Android devices running Zoom Workplace.

App Removal (platform: android)

Temporarily remove Zoom Workplace from devices that cannot be updated.

🧯 If You Can't Patch

  • Disable or remove the Zoom Workplace app on affected devices (via MDM on managed fleets)
  • Apply strict network access controls so that only trusted networks can reach the devices

🔍 How to Verify

Check if Vulnerable:

Open Android Settings > Apps > Zoom Workplace and read the installed version. Any version below 6.5.10 is vulnerable.

Check Version:

There is no in-app version command on Android; read the version from device settings, from an MDM inventory export, or with adb (`adb shell dumpsys package <package>` prints a `versionName=` line).

Verify Fix Applied:

Confirm the installed version is 6.5.10 or higher. Compare versions component by component, not as strings: 6.5.9 sorts after 6.5.10 in a plain string comparison, which is a common mistake in fleet reports.
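The check above carried out in a script, as an added example (not code from the Zoom bulletin or from Zoom): a POSIX shell script that reads `versionName` via adb from a USB-attached device, or from an MDM inventory export, and compares it component-wise against 6.5.10. It assumes the Play Store package id `us.zoom.videomeetings` for the Android client and an inventory format of `device,versionName` lines; the embedded inventory is constructed sample data, not a real export.

```shell
#!/bin/sh
# Added example for CVE-2025-64741: installed-version check (not Zoom's code).
FIXED_VERSION="6.5.10"          # first fixed release per the vendor bulletin
PKG="us.zoom.videomeetings"     # Play Store package id of the Zoom Android client (assumed)

# version_lt A B: return 0 when dotted version A is numerically below B.
# Components are compared as integers so that 6.5.9 < 6.5.10 (a string
# comparison gets this wrong). Missing components count as 0, so a build
# such as 6.5.10.30271 is not below 6.5.10. Non-digit suffixes are ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        case "$a" in
            *.*) ai="${a%%.*}"; a="${a#*.}" ;;
            *)   ai="$a";       a="" ;;
        esac
        case "$b" in
            *.*) bi="${b%%.*}"; b="${b#*.}" ;;
            *)   bi="$b";       b="" ;;
        esac
        ai="${ai%%[!0-9]*}"; ai="${ai:-0}"
        bi="${bi%%[!0-9]*}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# is_vulnerable VERSION: return 0 when VERSION is below the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_version: read versionName of the package from a USB-attached device.
# dumpsys prints an indented "versionName=X.Y.Z" line; CRs are stripped for adb on Windows.
installed_version() {
    adb shell dumpsys package "$PKG" \
        | tr -d '\r' \
        | sed -n 's/^[[:space:]]*versionName=//p' \
        | head -n 1
}

# check_device: exit 1 when the attached device runs a vulnerable build, 2 if unknown.
check_device() {
    ver="$(installed_version)"
    if [ -z "$ver" ]; then
        echo "$PKG not installed, or adb not available" >&2
        return 2
    fi
    if is_vulnerable "$ver"; then
        echo "$PKG $ver: VULNERABLE, update to $FIXED_VERSION or later"
        return 1
    fi
    echo "$PKG $ver: patched"
}

# report_inventory: read "device,versionName" lines on stdin (e.g. an MDM export),
# print one line per device still below the fixed release; return 0 when none.
report_inventory() {
    found=0
    while IFS=, read -r device ver; do
        ver="$(printf '%s' "$ver" | tr -d '\r')"
        [ -z "$device" ] && continue
        case "$device" in '#'*) continue ;; esac   # skip header/comment lines
        if is_vulnerable "$ver"; then
            echo "$device: $ver is below $FIXED_VERSION, update required"
            found=$((found + 1))
        fi
    done
    [ "$found" -eq 0 ]
}

# Constructed sample of an MDM export; not real data.
SAMPLE_INVENTORY='# device,versionName
pixel-7,6.5.9.28771
galaxy-s24,6.5.10.30271
tablet-a8,6.4.1
pixel-8a,6.6.0'

demo_inventory() {
    printf '%s\n' "$SAMPLE_INVENTORY" | report_inventory
}

case "${1:-}" in
    --device) check_device ;;                 # usage: ./zoom_check.sh --device
    --demo)   demo_inventory ;;               # usage: ./zoom_check.sh --demo
    "")       : ;;                            # no args: only define the functions
    *)        if is_vulnerable "$1"; then echo "$1: vulnerable"; else echo "$1: patched"; fi ;;
esac
```

Run it with `--device` for a single adb-attached phone, with a version string to test one value, or pipe a real export into `report_inventory` after sourcing the file. The exit status is non-zero when a vulnerable build is found, so the script can gate a CI or compliance job.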

📡 Detection & Monitoring

The vendor bulletin publishes no indicators of compromise for this CVE; the items below are generic starting points, not confirmed signatures.

Log Indicators:

  • Authorization failures or privileged actions in Zoom app/tenant logs from sessions that never authenticated
  • Unexpected privilege changes attributed to the Android client

Network Indicators:

  • Unsolicited inbound connections to Android devices running Zoom Workplace from untrusted networks
  • Zoom API calls from a client that has not completed sign-in

SIEM Query:

Not provided in the advisory.

🔗 References

  • Zoom Security Bulletin ZSB-25043: https://www.zoom.com/en/trust/security-bulletin/zsb-25043