{"data":{"id":"adfb10dd-4f62-42ec-bf07-3ced445603eb","title":"CVE-2025-59272: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized at","summary":"CVE-2025-59272 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into user input that gets executed by the system) in Copilot that allows an unauthorized attacker to disclose information locally. The vulnerability stems from improper handling of special characters in commands, and it has a CVSS 4.0 severity rating (a moderate severity score on a 0-10 scale).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-59272","publishedAt":"2025-10-09T21:15:38.930Z","cveId":"CVE-2025-59272","cweIds":["CWE-77"],"cvssScore":"9.3","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0008,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}