CVE-2025-32711: Ai command injection in M365 Copilot allows an unauthorized

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

• EPSS 19.4% (95.5% percentile)
• CVSS 9.3 critical

Related briefings

• EchoLeak: Aim Security Discovers Zero-Click Prompt Injection Enabling Data Exfiltration from Microsoft 365 Copilot 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions