365 Copilot
Monthly
M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information through crafted prompts over the network.
CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.
M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information through crafted prompts over the network.
CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.