CVE-2025-49731

CWE-2804 documents4 sources

Severity

3.1LOW

EPSS

0.1%

top 71.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Teams FOR Android Microsoft Microsoft Teams FOR Desktop Microsoft Microsoft Teams FOR IOS +1 more

Timeline

PublishedJul 8

Description

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

▶NVDmicrosoft/teams< 1.0.0.2025112902+1

▶CVEListV5microsoft/microsoft_teams_for_ios2.0.0 — 7.10.1 (100772025102901)

▶CVEListV5microsoft/microsoft_teams_for_android1.0.0 — 1.0.0.2025112902

▶CVEListV5microsoft/microsoft_teams_for_desktop1.0.0 — 25060212643

🔴Vulnerability Details

GHSA

GHSA-3x7p-3vvq-9qr7: Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network↗2025-07-08

▶

CVEList

Microsoft Teams Elevation of Privilege Vulnerability↗2025-07-08

▶

📋Vendor Advisories

Microsoft

Microsoft Teams Elevation of Privilege Vulnerability↗2025-07-08

▶