CVE-2025-64741 - Vulnerability Details - OpenCVE

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Android
Zoom	Workplace Workplace App Zoom

No data.

No data.

References

Link	Providers
https://www.zoom.com/en/trust/security-bulletin/zsb-25043

History

Fri, 14 Nov 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android Zoom Zoom workplace Zoom workplace App Zoom zoom
Vendors & Products		Google Google android Zoom Zoom workplace Zoom workplace App Zoom zoom

Thu, 13 Nov 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 13 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
Title		Zoom Workplace for Android - Improper Authorization Handling
Weaknesses		CWE-74
References		https://www.zoom.com/en/trust/security-bulletin/zsb-25043
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2025-11-13T14:46:59.205Z

Updated: 2025-11-14T04:55:32.679Z

Reserved: 2025-11-10T19:56:35.266Z

Link: CVE-2025-64741

Vulnrichment

Updated: 2025-11-13T15:29:23.259Z

NVD

Status : Awaiting Analysis

Published: 2025-11-13T15:15:54.110

Modified: 2025-11-14T16:42:03.187

Link: CVE-2025-64741

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64741", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2025-11-10T19:56:35.266Z", "datePublished": "2025-11-13T14:46:59.205Z", "dateUpdated": "2025-11-14T04:55:32.679Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Android"], "product": "Zoom Workplace for Android", "vendor": "Zoom Communications Inc.", "versions": [{"lessThan": "6.5.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-11-11T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(247, 247, 248);\">Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.</span><br>"}], "value": "Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-11-13T14:46:59.205Z"}, "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25043"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoom Workplace for Android - Improper Authorization Handling", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-13T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-64741"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-14T04:55:32.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64741", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-13T15:29:16.495673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T15:29:23.259Z"}}], "cna": {"title": "Zoom Workplace for Android - Improper Authorization Handling", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications Inc.", "product": "Zoom Workplace for Android", "versions": [{"status": "affected", "version": "0", "lessThan": "6.5.10", "versionType": "custom"}], "platforms": ["Android"], "defaultStatus": "unaffected"}], "datePublic": "2025-11-11T13:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25043"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(247, 247, 248);\">Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2025-11-13T14:46:59.205Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64741", "state": "PUBLISHED", "dateUpdated": "2025-11-14T04:55:32.679Z", "dateReserved": "2025-11-10T19:56:35.266Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2025-11-13T14:46:59.205Z", "assignerShortName": "Zoom"}, "dataVersion": "5.2"}