Race Condition in Microsoft Teams Leading to Privilege Escalation
CVE-2025-49737

7HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
8 July 2025

What is CVE-2025-49737?

A race condition exists in Microsoft Teams that can be exploited by an authorized attacker to elevate privileges locally. This vulnerability occurs due to improper synchronization while accessing shared resources, potentially allowing an attacker to manipulate access rights and execute unauthorized actions within the application.

Affected Version(s)

Microsoft Teams for Mac Unknown 1.0.0.0 < 25163.3001.3726.6503

References

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49737 : Race Condition in Microsoft Teams Leading to Privilege Escalation