CVE-2025-49731

LOW3.1JSON export Create alert

Description

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Teams for Android1.0.0 – 1.0.0.2025112902
Microsoft / Microsoft Teams for Desktop1.0.0 – 25060212643
Microsoft / Microsoft Teams for iOS2.0.0 – 7.10.1 (100772025102901)

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49731