Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Microsoft Teams for Mac, New Edition by Microsoft

    CVE-2025-53783 (GCVE-0-2025-53783)

    Vulnerability from nvd – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:54
    VLAI
    Title
    Microsoft Teams Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1416/1.0.0.2025102802 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Desktop Affected: 1.0.0 , < 25122.1415.3698.6812 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.10.1 (100772025102901) (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25122.1207.3700.1444 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Guides HoloLens Affected: 907.0000 , < 907.2505.29001.0 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Remote Assist HoloLens Affected: 316.0000 , < 316.2505.28001 (custom)
    Create a notification for this product.
    Microsoft Teams Panel Affected: 1.0.97 , < 1449/1.0.97.2025102203 (custom)
    Create a notification for this product.
    Microsoft Teams Phone Affected: 1.0.94 , < 1449/1.0.94.2025168802 (custom)
    Create a notification for this product.
    Date Public
    2025-08-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T20:07:17.024025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T20:07:30.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1416/1.0.0.2025102802",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Desktop",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1415.3698.6812",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.10.1 (100772025102901)",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1207.3700.1444",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Guides HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "907.2505.29001.0",
                  "status": "affected",
                  "version": "907.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Remote Assist HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "316.2505.28001",
                  "status": "affected",
                  "version": "316.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Panel",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.97.2025102203",
                  "status": "affected",
                  "version": "1.0.97",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Phone",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.94.2025168802",
                  "status": "affected",
                  "version": "1.0.94",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "316.2505.28001",
                      "versionStartIncluding": "316.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.97.2025102203",
                      "versionStartIncluding": "1.0.97",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.94.2025168802",
                      "versionStartIncluding": "1.0.94",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "907.2505.29001.0",
                      "versionStartIncluding": "907.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1416/1.0.0.2025102802",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.10.1 (100772025102901)",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25122.1415.3698.6812",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25122.1207.3700.1444",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-08-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T18:54:55.321Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783"
            }
          ],
          "title": "Microsoft Teams Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-53783",
        "datePublished": "2025-08-12T17:10:41.147Z",
        "dateReserved": "2025-07-09T13:25:25.502Z",
        "dateUpdated": "2026-02-13T18:54:55.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49737 (GCVE-0-2025-49737)

    Vulnerability from nvd – Published: 2025-07-08 16:58 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Microsoft Teams Elevation of Privilege Vulnerability
    Summary
    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25163.3001.3726.6503 (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:01:25.440186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:06.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25163.3001.3726.6503",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25163.3001.3726.6503",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Microsoft Teams allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:07:49.711Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
            }
          ],
          "title": "Microsoft Teams Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49737",
        "datePublished": "2025-07-08T16:58:14.537Z",
        "dateReserved": "2025-06-09T22:49:37.617Z",
        "dateUpdated": "2026-02-26T17:51:06.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53783 (GCVE-0-2025-53783)

    Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:54
    VLAI
    Title
    Microsoft Teams Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1416/1.0.0.2025102802 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Desktop Affected: 1.0.0 , < 25122.1415.3698.6812 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.10.1 (100772025102901) (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25122.1207.3700.1444 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Guides HoloLens Affected: 907.0000 , < 907.2505.29001.0 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Remote Assist HoloLens Affected: 316.0000 , < 316.2505.28001 (custom)
    Create a notification for this product.
    Microsoft Teams Panel Affected: 1.0.97 , < 1449/1.0.97.2025102203 (custom)
    Create a notification for this product.
    Microsoft Teams Phone Affected: 1.0.94 , < 1449/1.0.94.2025168802 (custom)
    Create a notification for this product.
    Date Public
    2025-08-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T20:07:17.024025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T20:07:30.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1416/1.0.0.2025102802",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Desktop",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1415.3698.6812",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.10.1 (100772025102901)",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1207.3700.1444",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Guides HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "907.2505.29001.0",
                  "status": "affected",
                  "version": "907.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Remote Assist HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "316.2505.28001",
                  "status": "affected",
                  "version": "316.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Panel",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.97.2025102203",
                  "status": "affected",
                  "version": "1.0.97",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Phone",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.94.2025168802",
                  "status": "affected",
                  "version": "1.0.94",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "316.2505.28001",
                      "versionStartIncluding": "316.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.97.2025102203",
                      "versionStartIncluding": "1.0.97",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.94.2025168802",
                      "versionStartIncluding": "1.0.94",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "907.2505.29001.0",
                      "versionStartIncluding": "907.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1416/1.0.0.2025102802",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.10.1 (100772025102901)",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25122.1415.3698.6812",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25122.1207.3700.1444",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-08-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T18:54:55.321Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783"
            }
          ],
          "title": "Microsoft Teams Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-53783",
        "datePublished": "2025-08-12T17:10:41.147Z",
        "dateReserved": "2025-07-09T13:25:25.502Z",
        "dateUpdated": "2026-02-13T18:54:55.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49737 (GCVE-0-2025-49737)

    Vulnerability from cvelistv5 – Published: 2025-07-08 16:58 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Microsoft Teams Elevation of Privilege Vulnerability
    Summary
    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25163.3001.3726.6503 (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:01:25.440186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:06.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25163.3001.3726.6503",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25163.3001.3726.6503",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Microsoft Teams allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:07:49.711Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
            }
          ],
          "title": "Microsoft Teams Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49737",
        "datePublished": "2025-07-08T16:58:14.537Z",
        "dateReserved": "2025-06-09T22:49:37.617Z",
        "dateUpdated": "2026-02-26T17:51:06.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }