Refine your search
2 vulnerabilities found for Microsoft Teams for Mac, New Edition by Microsoft
CVE-2025-53783 (GCVE-0-2025-53783)
Vulnerability from cvelistv5
Published
2025-08-12 17:10
Modified
2026-02-13 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Teams for Android |
Version: 1.0.0 < 1416/1.0.0.2025102802 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T20:07:17.024025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:07:30.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Teams for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1416/1.0.0.2025102802",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for Desktop",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "25122.1415.3698.6812",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.10.1 (100772025102901)",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for Mac, New Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "25122.1207.3700.1444",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Teams for D365 Guides HoloLens",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "907.2505.29001.0",
"status": "affected",
"version": "907.0000",
"versionType": "custom"
}
]
},
{
"product": "Teams for D365 Remote Assist HoloLens",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "316.2505.28001",
"status": "affected",
"version": "316.0000",
"versionType": "custom"
}
]
},
{
"product": "Teams Panel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1449/1.0.97.2025102203",
"status": "affected",
"version": "1.0.97",
"versionType": "custom"
}
]
},
{
"product": "Teams Phone",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1449/1.0.94.2025168802",
"status": "affected",
"version": "1.0.94",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
"versionEndExcluding": "316.2505.28001",
"versionStartIncluding": "316.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1449/1.0.97.2025102203",
"versionStartIncluding": "1.0.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1449/1.0.94.2025168802",
"versionStartIncluding": "1.0.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
"versionEndExcluding": "907.2505.29001.0",
"versionStartIncluding": "907.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1416/1.0.0.2025102802",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "7.10.1 (100772025102901)",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25122.1415.3698.6812",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
"versionEndExcluding": "25122.1207.3700.1444",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:54:55.321Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Teams Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783"
}
],
"title": "Microsoft Teams Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53783",
"datePublished": "2025-08-12T17:10:41.147Z",
"dateReserved": "2025-07-09T13:25:25.502Z",
"dateUpdated": "2026-02-13T18:54:55.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49737 (GCVE-0-2025-49737)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2026-02-26 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Teams for Mac, New Edition |
Version: 1.0.0.0 < 25163.3001.3726.6503 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:25.440186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:51:06.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Teams for Mac, New Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "25163.3001.3726.6503",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
"versionEndExcluding": "25163.3001.3726.6503",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Microsoft Teams allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:07:49.711Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Teams Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
}
],
"title": "Microsoft Teams Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49737",
"datePublished": "2025-07-08T16:58:14.537Z",
"dateReserved": "2025-06-09T22:49:37.617Z",
"dateUpdated": "2026-02-26T17:51:06.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}