CVEFinder.io

CVE-2025-49737

⚠ī¸ high
🔍 Scan for this CVE
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

CVSS Score
7.0
High
EPSS Score
0.0
Exploit Probability
Published Date
2025-07-08
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 51.9% of all 326,604 vulnerabilities in our database.

#156,984
Above average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jul 9, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-02-13
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-362

đŸ“Ļ Affected Products 2

Vendor Product Status Affected Versions
microsoft teams Affected
< 25163.3001.3726.6503
microsoft microsoft_teams_for_mac Affected
≥ 1.0.0.0 < 25163.3001.3726.6503

🔗 References 1

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-32185 đŸ”ļ medium 5.5 0.1 Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofi... 2026-05-12
CVE-2026-33823 ⛔ critical 9.6 0.1 Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. 2026-05-07
CVE-2026-26133 ⚠ī¸ high 7.1 0.1 AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. 2026-03-16
CVE-2026-21535 ⚠ī¸ high 8.2 0.1 Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. 2026-02-19
CVE-2025-53783 ⚠ī¸ high 7.5 0.1 Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. 2025-08-12
CVE-2025-49731 ℹī¸ low 3.1 0.0 Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate ... 2025-07-08
These CVEs affect the same products