Spoofing Vulnerability in Microsoft Copilot Application
CVE-2025-59286

9.3 CRITICAL

Key Information:

Vendor: Microsoft
CVE Published: 9 October 2025

What is CVE-2025-59286?

The Copilot Spoofing Vulnerability allows malicious actors to impersonate legitimate users within the Microsoft Copilot application, potentially leading to unauthorized access and manipulation of sensitive data. This security flaw emphasizes the importance of user verification and secure authentication protocols to safeguard against such exploits. It is crucial for users to stay informed about this vulnerability and apply necessary security measures to protect their data.

Affected Version(s)

Microsoft 365 Copilot's Business Chat: Unknown

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
