CVE-2025-53774: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Summary
CVE-2025-53774 is an information disclosure vulnerability in Microsoft 365 Copilot BizChat caused by improper neutralization of special elements used in commands (command injection, where attackers craft malicious input to execute unintended commands). The vulnerability allows unauthorized access to sensitive information, though the severity rating has not yet been assigned by the National Institute of Standards and Technology.
Vulnerability Details
6.5(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-53774
First tracked: February 15, 2026 at 08:51 PM
Classified by LLM (prompt v3) · confidence: 85%