Zoom Workplace
Monthly
Privilege escalation in Zoom Workplace mobile clients (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler for a custom URL scheme, allowing a remote attacker to elevate privileges over network access. The CVSS 8.1 rating reflects high confidentiality and integrity impact with low-complexity exploitation, though no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Privilege escalation in the Zoom Workplace mobile app (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler that processes the app's custom URL scheme, allowing an unauthenticated actor to elevate privileges via network access. Zoom self-reported and patched the flaw, and no public exploit identified at time of analysis; EPSS remains very low (0.04%, 12th percentile) and CISA SSVC marks exploitation as none, indicating no observed activity despite the 9.8 CVSS score.
Information disclosure in Zoom Workplace for iOS before version 7.0.0 allows an authenticated user with physical access to the device to read limited confidential data by exploiting a failed protection mechanism. The vulnerability is constrained by both physical proximity and high privilege requirements, yielding a CVSS score of 1.8 - among the lowest possible. No active exploitation has been identified, and Zoom has released a fix in version 7.0.0 per their security bulletin ZSB-26006.
Privilege escalation in Zoom Workplace mobile clients (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler for a custom URL scheme, allowing a remote attacker to elevate privileges over network access. The CVSS 8.1 rating reflects high confidentiality and integrity impact with low-complexity exploitation, though no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Privilege escalation in the Zoom Workplace mobile app (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler that processes the app's custom URL scheme, allowing an unauthenticated actor to elevate privileges via network access. Zoom self-reported and patched the flaw, and no public exploit identified at time of analysis; EPSS remains very low (0.04%, 12th percentile) and CISA SSVC marks exploitation as none, indicating no observed activity despite the 9.8 CVSS score.
Information disclosure in Zoom Workplace for iOS before version 7.0.0 allows an authenticated user with physical access to the device to read limited confidential data by exploiting a failed protection mechanism. The vulnerability is constrained by both physical proximity and high privilege requirements, yielding a CVSS score of 1.8 - among the lowest possible. No active exploitation has been identified, and Zoom has released a fix in version 7.0.0 per their security bulletin ZSB-26006.