Spoofing Vulnerability in Microsoft Copilot Application
CVE-2025-59286

6.5 MEDIUM

Key Information:

Vendor: Microsoft

CVE Published: 9 October 2025

What is CVE-2025-59286?

The Copilot Spoofing Vulnerability allows malicious actors to impersonate legitimate users within the Microsoft Copilot application, potentially leading to unauthorized access and manipulation of sensitive data. This security flaw emphasizes the importance of user verification and secure authentication protocols to safeguard against such exploits. It is crucial for users to stay informed about this vulnerability and apply necessary security measures to protect their data.

Affected Version(s)

Microsoft 365 Copilot's Business Chat: Unknown

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
