Information Disclosure Vulnerability in Microsoft 365 Copilot
CVE-2025-32711

9.3 CRITICAL

Key Information:

Vendor: Microsoft
CVE Published: 11 June 2025

What is CVE-2025-32711?

Microsoft 365 Copilot (M365 Copilot) is affected by an information disclosure vulnerability that allows an unauthorized attacker to disclose sensitive information over a network. The defect stems from a command injection flaw within the AI functionality of M365 Copilot, so awareness and mitigation steps are needed immediately to safeguard user data.

Affected Version(s)

Microsoft 365 Copilot: Unknown

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
