CVE-2025-64741

High

Published: 13 November 2025

Published

13 November 2025

Modified

14 November 2025

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score 0.0009 25.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-64741 involves improper authorization handling (CWE-74) in Zoom Workplace for Android versions before 6.5.10. This vulnerability enables an unauthenticated user to conduct an escalation of privilege via network access. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) and was published on 2025-11-13T15:15:54.110.

An unauthenticated attacker can exploit this vulnerability over the network with low attack complexity, requiring some user interaction but no prior privileges. Successful exploitation allows escalation of privilege, resulting in high impacts to confidentiality and integrity, though availability remains unaffected and the scope is unchanged.

Zoom's security bulletin at https://www.zoom.com/en/trust/security-bulletin/zsb-25043 provides details on the vulnerability. Mitigation requires updating to Zoom Workplace for Android version 6.5.10 or later.

Details

CWE(s): CWE-74

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability explicitly enables escalation of privilege through exploitation of improper authorization, directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25043
security@zoom.us