CVE-2025-59272: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized at
Summary
CVE-2025-59272 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into user input that gets executed by the system) in Copilot that allows an unauthorized attacker to disclose information locally. The vulnerability stems from improper handling of special characters in commands, and it has a CVSS 4.0 severity rating (a moderate severity score on a 0-10 scale).
Vulnerability Details
9.3(critical)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-59272
First tracked: February 15, 2026 at 08:51 PM
Classified by LLM (prompt v3) · confidence: 85%