Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Custom URL scheme handlers are reached by the victim opening an attacker-supplied link or co-resident app, so UI:R is more honest than the vendor's UI:N; impact remains total.
Primary rating from Vendor (Zoom).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
8DescriptionNVD
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
AnalysisAI
Privilege escalation in the Zoom Workplace mobile app (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler that processes the app's custom URL scheme, allowing an unauthenticated actor to elevate privileges via network access. Zoom self-reported and patched the flaw, and no public exploit identified at time of analysis; EPSS remains very low (0.04%, 12th percentile) and CISA SSVC marks exploitation as none, indicating no observed activity despite the 9.8 CVSS score.
More in Zoom Workplace
View allPrivilege escalation in Zoom Workplace mobile clients (Android before 7.0.4, iOS before 7.0.3) stems from improper autho
Information disclosure in Zoom Workplace for iOS before version 7.0.0 allows an authenticated user with physical access
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36522
GHSA-xm5c-4gf9-qf8c