CVEFinder.io

CVE-2025-49731

ℹī¸ low
🔍 Scan for this CVE
Summary

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

CVSS Score
3.1
Low
EPSS Score
0.0
Exploit Probability
Published Date
2025-07-08
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 2.1% of all 326,604 vulnerabilities in our database.

#319,765
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jul 9, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-02-13
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-280

đŸ“Ļ Affected Products 6

Vendor Product Status Affected Versions
microsoft teams Affected
< 1.0.0.2025112902
microsoft teams Affected
< 7.10.1
microsoft teams Affected
v-
microsoft microsoft_teams_for_android Affected
≥ 1.0.0 < 1.0.0.2025112902
microsoft microsoft_teams_for_ios Affected
≥ 2.0.0 < 7.10.1 (100772025102901)
microsoft microsoft_teams_for_desktop Affected
≥ 1.0.0 < 25060212643

🔗 References 1

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-32185 đŸ”ļ medium 5.5 0.1 Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofi... 2026-05-12
CVE-2026-33823 ⛔ critical 9.6 0.1 Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. 2026-05-07
CVE-2026-26133 ⚠ī¸ high 7.1 0.1 AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. 2026-03-16
CVE-2026-21535 ⚠ī¸ high 8.2 0.1 Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. 2026-02-19
CVE-2025-53783 ⚠ī¸ high 7.5 0.1 Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. 2025-08-12
CVE-2025-49737 ⚠ī¸ high 7.0 0.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an... 2025-07-08
These CVEs affect the same products