Multiple Microsoft Teams vulnerabilities enable impersonation and message tampering
Summary
Hide ▲
Show ▼
Four security flaws in Microsoft Teams allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications. The vulnerabilities could alter message content without indicating edits, change sender identities, and modify display names in private chats and call notifications. These flaws were disclosed in March 2024 and addressed by Microsoft in subsequent patches. The vulnerabilities posed significant risks, enabling attackers to trick users into performing unintended actions, such as clicking malicious links or sharing sensitive data. The flaws affected both external guest users and internal malicious actors, undermining security boundaries and turning Teams into a vector for deception.
Timeline
-
04.11.2025 16:00 1 articles · 6d ago
Microsoft Teams vulnerabilities disclosed in March 2024
Four security flaws in Microsoft Teams were disclosed in March 2024. These vulnerabilities allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications. Microsoft addressed some of the issues under CVE-2024-38197 in August 2024, with additional patches in September 2024 and October 2025. The flaws enabled altering message content without indicating edits, changing sender identities, and modifying display names in private chats and call notifications.
Show sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
Information Snippets
-
Four vulnerabilities in Microsoft Teams allowed message manipulation, impersonation, and notification exploitation.
First reported: 04.11.2025 16:001 source, 1 articleShow sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
-
The flaws enabled altering message content without the 'Edited' label and changing sender identities.
First reported: 04.11.2025 16:001 source, 1 articleShow sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
-
Attackers could modify display names in private chats and call notifications, forging caller identities.
First reported: 04.11.2025 16:001 source, 1 articleShow sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
-
The vulnerabilities affected both external guest users and internal malicious actors.
First reported: 04.11.2025 16:001 source, 1 articleShow sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
-
Microsoft addressed some of the issues under CVE-2024-38197 in August 2024, with additional patches in September 2024 and October 2025.
First reported: 04.11.2025 16:001 source, 1 articleShow sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
-
Microsoft described CVE-2024-38197 as a medium-severity spoofing issue impacting Teams for iOS.
First reported: 04.11.2025 16:001 source, 1 articleShow sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00