CVE-2025-64741
Published: 13 November 2025
Summary
CVE-2025-64741 is a high-severity Injection (CWE-74) vulnerability in Zoom Workplace (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 27.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-64741 involves improper authorization handling (CWE-74) in Zoom Workplace for Android versions before 6.5.10. This vulnerability enables an unauthenticated user to conduct an escalation of privilege via network access. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) and was published on 2025-11-13T15:15:54.110.
An unauthenticated attacker can exploit this vulnerability over the network with low attack complexity, requiring some user interaction but no prior privileges. Successful exploitation allows escalation of privilege, resulting in high impacts to confidentiality and integrity, though availability remains unaffected and the scope is unchanged.
Zoom's security bulletin at https://www.zoom.com/en/trust/security-bulletin/zsb-25043 provides details on the vulnerability. Mitigation requires updating to Zoom Workplace for Android version 6.5.10 or later.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-175317
Vulnerability details
Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
- CWE(s): CWE-74
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability explicitly enables escalation of privilege through exploitation of improper authorization, directly mapping to T1068: Exploitation for Privilege Escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Requires enforcement of approved authorizations for logical access, directly countering the improper authorization handling that enables privilege escalation in Zoom Workplace for Android.
- SI-2 (Flaw Remediation): Mandates identification, reporting, and correction of system flaws, ensuring timely patching of this vulnerability fixed in version 6.5.10.
- AC-6 (Least Privilege): Employs least privilege to restrict unnecessary access, limiting the impact of privilege escalation even if authorization is bypassed.