CVE-2026-53407

Zoom · Workplace

An improper authorization vulnerability in the Zoom Workplace custom URL scheme handler allows unauthenticated users to perform privilege escalation via network access.

Executive summary

An improper authorization flaw in the Zoom Workplace custom URL scheme handler lets an unauthenticated remote attacker escalate privileges within the application; affected mobile builds should be updated immediately.

Vulnerability

The flaw is in the handler for the application's custom URL scheme: it does not adequately verify that the party invoking a scheme URL is authorized for the action the URL requests. Custom scheme links are attacker-controlled input that can arrive from any source the device will open, such as a web page or a message, which is why the vector is rated as network-reachable. An unauthenticated attacker can therefore use a crafted link to reach functionality that should require an authenticated or higher-privileged session, escalating privileges within the application context.
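As an added illustration of the bug class (not Zoom's code, and not a model of the specific defect behind this CVE), the Python sketch below contrasts a custom-scheme dispatcher that runs whatever action the link names with one that checks the requested action against the current session's authorization state. The scheme name, the action table and the Session type are hypothetical.

```python
"""Deep-link dispatch with and without an authorization check.

Constructed illustration of the bug class in this advisory. It is not Zoom
code and does not model the actual vulnerable handler; the scheme name,
action table and Session type are hypothetical.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

SCHEME = "exampleapp"  # hypothetical custom URL scheme

# Hypothetical action policy: what each action requires of the caller's session.
ACTIONS = {
    "join": {"auth": False, "admin": False},             # public action
    "open_settings": {"auth": True, "admin": False},     # needs a signed-in user
    "set_account_policy": {"auth": True, "admin": True}, # needs an admin
}


@dataclass
class Session:
    """State of the session the link is delivered into."""
    authenticated: bool = False
    admin: bool = False


def parse_link(url):
    """Split scheme://action?k=v into (action, params); reject foreign schemes."""
    parts = urlsplit(url)
    if parts.scheme != SCHEME:
        raise ValueError(f"unexpected scheme: {parts.scheme!r}")
    action = parts.netloc or parts.path.strip("/")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return action, params


def handle_vulnerable(url, session):
    """Improper authorization: the URL alone decides what runs.

    The session is accepted but never consulted, so any link that names a
    known action is executed, including admin-only actions delivered to an
    unauthenticated session.
    """
    action, _params = parse_link(url)
    if action not in ACTIONS:
        return ("rejected", "unknown action")
    return ("executed", action)


def handle_fixed(url, session):
    """Hardened: allowlisted action, then an authorization check per action.

    The link is treated as untrusted input: it may name an action, but the
    decision to run it depends on the session, not on the link.
    """
    action, _params = parse_link(url)
    policy = ACTIONS.get(action)
    if policy is None:
        return ("rejected", "unknown action")
    if policy["auth"] and not session.authenticated:
        return ("rejected", "authentication required")
    if policy["admin"] and not session.admin:
        return ("rejected", "admin required")
    return ("executed", action)


if __name__ == "__main__":
    link = "exampleapp://set_account_policy?recording=off"  # constructed attacker link
    anonymous = Session()
    print("vulnerable:", handle_vulnerable(link, anonymous))  # executes the admin action
    print("fixed:     ", handle_fixed(link, anonymous))       # rejected: authentication required
```

The point of the hardened version is that the authorization decision is made from state the attacker does not control (the session), and that unknown actions are rejected rather than forwarded. Parameters carried by the link still need their own validation before any action uses them.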

Business impact

The CVSS score of 8.1 (High) reflects privilege escalation that is reachable without authentication. Successful exploitation lets an attacker bypass the application's authorization controls and reach functionality or data that should be restricted to authenticated or administrative users of the Zoom environment, with the data-exposure, operational and reputational consequences that follow.

Remediation

Immediate Action: Upgrade Zoom Workplace to version 7.0.4 or later on Android and to version 7.0.3 or later on iOS.

Proactive Monitoring: Watch device and application logs for unexpected invocations of the Zoom custom URL scheme, in particular invocations from unauthenticated sessions or unusual sources, and for privileged actions that follow them.

Compensating Controls: Use mobile device management (MDM) to enforce a minimum Zoom Workplace version per platform and to report or restrict devices still running older builds. Network restrictions are at best a partial mitigation for a link-triggered flaw; the version update is the fix.
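The version-compliance check, as an added example that is not a Zoom or MDM-vendor tool: it applies the fixed versions from this advisory to a constructed inventory export with hypothetical field names, comparing versions component-wise so that a build such as 7.0.10 is not mistaken for being older than 7.0.4 (the classic failure of comparing version strings lexicographically).

```python
"""Minimum-version compliance check for Zoom Workplace mobile builds.

Added example, not a Zoom or MDM-vendor tool. The inventory rows are
constructed and the field names (device_id, platform, app, version) are
hypothetical; adjust them to the export your MDM produces.
"""
import re

# Fixed versions from the advisory, keyed by platform.
MIN_VERSION = {"android": "7.0.4", "ios": "7.0.3"}


def parse_version(version):
    """'7.0.4' -> (7, 0, 4).

    Numeric components are compared as integers, so 7.0.10 > 7.0.4.
    A trailing build number such as '7.0.4 (1234)' becomes a fourth
    component, which still sorts correctly against a three-part minimum.
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def is_compliant(platform, version):
    """True when the installed version meets the platform's fixed version."""
    minimum = MIN_VERSION[platform.lower()]
    return parse_version(version) >= parse_version(minimum)


def noncompliant_devices(inventory):
    """Return (device_id, platform, installed, required) for each device below the minimum."""
    findings = []
    for row in inventory:
        platform = row["platform"].lower()
        if platform not in MIN_VERSION or row.get("app") != "Zoom Workplace":
            continue  # other apps and desktop platforms are out of scope here
        if not is_compliant(platform, row["version"]):
            findings.append((row["device_id"], platform, row["version"], MIN_VERSION[platform]))
    return findings


# Constructed inventory rows with hypothetical field names.
SAMPLE_INVENTORY = [
    {"device_id": "and-001", "platform": "Android", "app": "Zoom Workplace", "version": "7.0.3"},
    {"device_id": "and-002", "platform": "Android", "app": "Zoom Workplace", "version": "7.0.10"},
    {"device_id": "ios-001", "platform": "iOS", "app": "Zoom Workplace", "version": "7.0.3"},
    {"device_id": "ios-002", "platform": "iOS", "app": "Zoom Workplace", "version": "6.5.0"},
    {"device_id": "ios-003", "platform": "iOS", "app": "Other App", "version": "1.0.0"},
]

if __name__ == "__main__":
    for finding in noncompliant_devices(SAMPLE_INVENTORY):
        print("non-compliant:", finding)
```

Run against a real export, the output is the list of devices to target with an MDM update push or access restriction; iOS devices already on 7.0.3 are compliant, while Android devices on 7.0.3 are not, because the fixed versions differ per platform.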

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability presents a clear risk to mobile device security and to the integrity of internal Zoom data. Administrators should ensure all mobile endpoints are updated to the fixed versions (7.0.4 on Android, 7.0.3 on iOS) or later immediately to close the privilege escalation vector.