CVE-2025-53783: Microsoft Teams Remote Code Execution Vulnerability

Overview

Severity: High (CVSS 7.5)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category: Remote Code Execution
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2025-Aug
Released: 2025-08-12
Last Updated: 2025-10-30
EPSS Score: 0.08% (percentile: 24.6%)

Description

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

Detection & Weaponization (1 source)

Maturity: Exploit

  • GitHub PoC: 1 repository

Affected Products (8)

Device

  • Teams for D365 Remote Assist HoloLens
  • Teams Panels
  • Teams Phones
  • Teams for D365 Guides Hololens

Microsoft Office

  • Microsoft Teams for Android
  • Microsoft Teams for iOS
  • Microsoft Teams for Desktop
  • Microsoft Teams for Mac, New Edition

Security Updates (3)

Acknowledgments

Anonymous working with Trend Zero Day Initiative

Revision History

  • 2025-08-12: Information published.
  • 2025-10-30: Updated product information in the Software Update table. This is an informational change only.