Privilege Elevation Vulnerability in Microsoft Teams by Microsoft
CVE-2025-49731

3.1LOW

Key Information:

Vendor: Microsoft
Status: Microsoft Teams For Android; Microsoft Teams For iOS; Microsoft Teams For Desktop
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-49731?

A security flaw in Microsoft Teams enables attackers with valid credentials to elevate their privileges improperly. This vulnerability may allow unauthorized access to restricted areas of the application, facilitating further attacks or unauthorized data access over the network. Users of Microsoft Teams should be aware of potential risks associated with insufficient permissions and ensure that their applications are up-to-date.

Affected Version(s)

Microsoft Teams for Android Unknown 1.0.0 < 1.0.0.2025112902

Microsoft Teams for Desktop Unknown 1.0.0 < 25060212643

Microsoft Teams for iOS Unknown 2.0.0 < 7.10.1 (100772025102901)

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 9, 2025