Overview
CVE-2025-64738 is a medium-severity vulnerability affecting Zoom Workplace for macOS versions prior to 6.5.10. It stems from insufficient validation of file names or paths: because the file name or path is externally controllable, an authenticated local user can cause unintended file access and potentially gain access to sensitive information.
Technical Details
The vulnerability lies in the way Zoom Workplace for macOS handles file paths and names during specific operations. An attacker with local access and valid Zoom credentials can manipulate the expected file name or path used by the application. This manipulation allows the attacker to redirect the application’s file access to a location they control, potentially leaking sensitive data that the application would normally have access to. The exact nature of the vulnerable operation is not publicly disclosed to prevent further exploitation of unpatched systems; however, the fix likely involves rigorous input sanitization and path validation.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-64738 a score of 5.0, indicating a MEDIUM severity. The breakdown is as follows:
- Attack Vector: Local (L)
- Attack Complexity: Low (L)
- Privileges Required: Low (L)
- User Interaction: None (N) – Although the description mentions an authenticated user, no user interaction is needed to trigger the vulnerability.
- Scope: Unchanged (U)
- Confidentiality Impact: Low (L)
- Integrity Impact: None (N)
- Availability Impact: None (N)
This score reflects the requirement for local access and authentication, which limits the pool of potential attackers. However, the low attack complexity makes the vulnerability relatively easy to exploit once those prerequisites are met. The impact is limited to information disclosure, without affecting system integrity or availability.
Possible Impact
Successful exploitation of CVE-2025-64738 could lead to the following:
- Disclosure of sensitive information: Attackers could potentially gain access to configuration files, logs, or other data containing usernames, passwords (if stored insecurely), API keys, or other confidential details.
- Privilege Escalation (indirect): Although not a direct result, disclosed information could be used as a stepping stone for further attacks and privilege escalation if the revealed data contains valid credentials or access tokens.
Mitigation or Patch Steps
The recommended mitigation is to update Zoom Workplace for macOS to version 6.5.10 or later. This version contains the necessary patches to address the vulnerability. Users should:
- Check their current Zoom Workplace version: Navigate to Zoom’s “About” section to determine the installed version.
- Download and install the latest version: Download the latest version from the official Zoom website.
- Verify the update: After installation, confirm that the update was successful and that the current version is 6.5.10 or later.
Automatic updates, if enabled, should ensure that the update is applied promptly.
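The version check and verification steps above can be scripted for use across managed Macs. This is an added example, not Zoom's own tooling; the install path `/Applications/zoom.us.app`, the use of `CFBundleShortVersionString` as the version source, and the function names are assumptions.

```shell
#!/bin/sh
# Fixed release named in the advisory for CVE-2025-64738.
FIXED_VERSION="6.5.10"
# Assumed default install location of the macOS client; override via ZOOM_APP.
ZOOM_APP="${ZOOM_APP:-/Applications/zoom.us.app}"

# version_lt A B: succeed when dotted version A is lower than B.
# Fields compare numerically (6.5.9 < 6.5.10); missing fields count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# zoom_status VERSION: print "vulnerable", "patched" or "unknown".
zoom_status() {
    # Keep only the leading dotted-numeric part, e.g. "6.5.10 (1234)" -> "6.5.10".
    v=$(printf '%s' "$1" | sed -n 's/^\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then echo vulnerable
    else echo patched
    fi
}

# installed_zoom_version: print the version string from the app bundle, if present.
installed_zoom_version() {
    plist="$ZOOM_APP/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null
}

if ver=$(installed_zoom_version); then
    echo "Zoom Workplace $ver: $(zoom_status "$ver")"
else
    echo "Zoom Workplace not found at $ZOOM_APP"
fi
```

A result of `unknown` means the version string could not be parsed and the host should be checked by hand.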