Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
References
Link | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711 | Vendor Advisory |
https://www.aim.security/lp/aim-labs-echoleak-m365 |
Configurations
History
04 Aug 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jul 2025, 00:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:* | |
First Time |
Microsoft
Microsoft 365 Copilot |
|
References | () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711 - Vendor Advisory |
12 Jun 2025, 16:06
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-11 14:15
Updated : 2025-08-04 18:15
NVD link : CVE-2025-32711
Mitre link : CVE-2025-32711
CVE.ORG link : CVE-2025-32711
JSON object : View
Products Affected
microsoft
- 365_copilot
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')