CVE-2025-64741

Zoom · Zoom Multiple Products

A high-severity vulnerability has been identified in Zoom Workplace for Android, which could allow an attacker to bypass security permissions.

Executive summary

A high-severity vulnerability has been identified in Zoom Workplace for Android, which could allow an attacker to bypass security permissions. Successful exploitation could grant an unauthorized user access to meetings or perform actions they are not permitted to, potentially exposing sensitive corporate communications and data. Organizations are urged to update all affected Android devices to the latest version of the application immediately to mitigate this risk.

Vulnerability

The vulnerability is an improper authorization handling flaw within the Zoom Workplace application for Android. The application fails to correctly validate a user's permissions before allowing certain actions to be performed. An unauthenticated or low-privileged attacker could potentially exploit this by sending a specially crafted request to the application's backend services via the mobile client, bypassing normal authorization checks. This could allow the attacker to gain elevated privileges within a meeting, access restricted information, or perform actions on behalf of another user without proper consent.

Business impact

This vulnerability presents a high severity risk with a CVSS score of 8.1. Exploitation could lead to significant business consequences, including the compromise of confidential information discussed in meetings, such as intellectual property, financial data, and strategic plans. Unauthorized access to meetings could result in corporate espionage, data breaches, and a severe loss of privacy. The potential for reputational damage is substantial, and a successful breach could lead to a loss of customer trust and potential regulatory penalties for non-compliance with data protection standards.

Remediation

Immediate Action: The primary remediation is to apply the vendor-supplied security update across all corporate and BYOD Android devices. All instances of Zoom Workplace for Android must be upgraded to version 6.0 or later immediately. Following the update, security teams should review Zoom access and activity logs for any suspicious or unauthorized actions, particularly those originating from older versions of the Android client.

Proactive Monitoring: Implement enhanced monitoring of Zoom logs for anomalous behavior. Look for unusual meeting join/leave patterns, unexpected promotions of attendees to host/co-host roles, or API calls originating from outdated Android clients. Network monitoring should be configured to flag suspicious traffic patterns associated with the Zoom application on mobile devices.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Enforce mandatory Multi-Factor Authentication (MFA) for all Zoom accounts. Utilize a Mobile Device Management (MDM) solution to block application access from devices running vulnerable versions of Zoom. Educate users on meeting security best practices, such as using passcodes and waiting rooms, and instruct them to report any unusual in-meeting activity.
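To make the log review in the monitoring and MDM paragraphs above concrete, here is an added Python example (not Zoom's code, API or log schema) that triages constructed Zoom-style JSON audit lines for the two indicators named: Android clients below the fixed 6.0 release, and host/co-host promotions performed by someone other than a known host. The event names, field names and the KNOWN_HOSTS set are assumptions.

```python
import json

FIXED_VERSION = (6, 0, 0)           # advisory: Zoom Workplace for Android 6.0 or later is fixed
KNOWN_HOSTS = {"host@example.com"}  # constructed: accounts expected to change meeting roles

def parse_version(text):
    """'5.17.11' -> (5, 17, 11); pads to three numeric parts so '6' compares equal to '6.0.0'."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple((parts + [0, 0, 0])[:3])

def is_vulnerable_android(platform, client_version):
    """True only for Android clients below the fixed release; other platforms are out of scope."""
    return platform.lower() == "android" and parse_version(client_version) < FIXED_VERSION

def triage(lines):
    """Return (user, reason) pairs for each JSON-lines event that deserves a second look."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        user = ev.get("user", "?")
        if is_vulnerable_android(ev.get("platform", ""), ev.get("client_version", "0")):
            findings.append((user, "outdated_android_client"))
        # Promotion to host/co-host by the promoted user themself, or by an unknown actor, is suspicious.
        if ev.get("event") == "meeting.role_changed" and ev.get("new_role") in ("host", "co-host"):
            actor = ev.get("changed_by")
            if actor == user or actor not in KNOWN_HOSTS:
                findings.append((user, "unexpected_role_promotion"))
    return findings

# Constructed sample events in an assumed JSON-lines layout (not Zoom's real schema).
SAMPLE_EVENTS = [
    '{"event":"meeting.participant_joined","user":"alice@example.com","platform":"Android","client_version":"5.17.11"}',
    '{"event":"meeting.participant_joined","user":"bob@example.com","platform":"Android","client_version":"6.1.0"}',
    '{"event":"meeting.role_changed","user":"carol@example.com","new_role":"co-host","changed_by":"carol@example.com","platform":"Android","client_version":"5.16.0"}',
    '{"event":"meeting.role_changed","user":"dave@example.com","new_role":"host","changed_by":"host@example.com","platform":"Windows","client_version":"6.2.0"}',
    '{"event":"meeting.participant_joined","user":"erin@example.com","platform":"iOS","client_version":"5.15.0"}',
]

if __name__ == "__main__":
    for user, reason in triage(SAMPLE_EVENTS):
        print(f"{reason:28} {user}")
```

The same parse_version check can drive an MDM compliance rule that blocks Android clients reporting a version below 6.0.0.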

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.1 and the critical role Zoom plays in business communications, this vulnerability requires immediate attention. We strongly recommend that all organizations prioritize updating Zoom Workplace for Android to version 6.0 or newer across all managed and unmanaged devices. Although this CVE is not currently listed in the CISA KEV catalog, its potential impact on confidentiality makes it a prime target for future exploitation. Swift and decisive patching is the most effective strategy to prevent the compromise of sensitive corporate data.