CVE-2025-32711: Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
criticalvulnerabilityLLM-Specific
security
Summary
CVE-2025-32711 is a command injection vulnerability (a weakness where an attacker tricks a program into running unintended commands) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS severity score of 4.0 (a moderate rating on a 0-10 scale where 10 is most severe). Microsoft has published information about this vulnerability, but the provided source does not contain specific technical details about the attack or its impact.
Vulnerability Details
CVSS Score
9.3(critical)
EPSS (30-day exploit probability)
EPSS: 3.4%
Classification
Attack Type
Prompt Injection
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Microsoft
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-32711
First tracked: February 15, 2026 at 08:51 PM
Classified by LLM (prompt v3) · confidence: 85%