CVE-2025-49731: Microsoft Teams Elevation of Privilege Vulnerability

Overview

Severity

Low (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Jul

Released

2025-07-08

EPSS Score

0.10% (percentile: 27.9%)

Description

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

Affected Products (3)

Microsoft Office

• Microsoft Teams for Android
• Microsoft Teams for iOS
• Microsoft Teams for Desktop

Security Updates (3)

• Release Notes
• Release Notes
• Release Notes

Acknowledgments

<a href="https://www.linkedin.com/in/mohammedalqi/">Muhammad Alqi Fahrezi</a>

Revision History

• 2025-07-08: Information published.