{"data":{"id":"474446fc-6431-48c2-adad-f1087dce92b6","title":"CVE-2025-32711: Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.","summary":"CVE-2025-32711 is a command injection vulnerability (a weakness where an attacker tricks a program into running unintended commands) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS severity score of 4.0 (a moderate rating on a 0-10 scale where 10 is most severe). Microsoft has published information about this vulnerability, but the provided source does not contain specific technical details about the attack or its impact.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-32711","publishedAt":"2025-06-11T14:15:31.530Z","cveId":"CVE-2025-32711","cweIds":["CWE-77"],"cvssScore":"9.3","cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","M365 Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.03352,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}