Spoofing Vulnerability in M365 Copilot by Microsoft
CVE-2025-59252

6.5 MEDIUM

Key Information:

Vendor: Microsoft
CVE Published: 9 October 2025

What is CVE-2025-59252?

The vulnerability in M365 Copilot allows an attacker to spoof valid user interactions, potentially leading to unauthorized actions within the application. This could compromise sensitive data, allowing for phishing attempts or unauthorized access to user accounts. Keeping M365 Copilot and associated software up to date is essential for maintaining robust security measures and preventing exploitation of this vulnerability.

Affected Version(s)

Microsoft 365 Word Copilot Unknown

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
