AI description
CVE-2025-32711 is a command injection vulnerability affecting Microsoft 365 Copilot. It allows an unauthorized attacker to disclose information over a network. The vulnerability, dubbed "EchoLeak," is a zero-click AI vulnerability, meaning it can be exploited without any user interaction. The attack involves embedding a malicious prompt payload within markdown-formatted content, such as an email. When the AI system's retrieval-augmented generation (RAG) engine parses this content, the payload silently triggers the LLM to extract and return private information from the user's current context. This could potentially expose sensitive data, including chat histories, OneDrive documents, SharePoint content, and Teams conversations. Microsoft has addressed this vulnerability.
- Description: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- Source: secure@microsoft.com
- NVD status: Modified
- CNA Tags: exclusively-hosted-service
- Products: 365_copilot
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- secure@microsoft.com: CWE-74
- Hype score: Not currently trending
Microsoft Copilot's EchoLeak (CVE-2025-32711) weaponizes a single email. One line in a shared doc gives RCE with Copilot's permissions and silent corporate data exfiltration. Real production exploit. Not theoretical. Teams using Copilot: how far have you locked down
@NYsquaredAI
10 Apr 2026
192 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
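Microsoft Copilot's EchoLeak (CVE-2025-32711). This is the mechanism by which internal corporate data is sent outside through a single malicious email. One line planted in a shared document triggers RCE with Copilot's permissions. For companies that have adopted Copilot, email-borne internal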
@NYsquaredAI
10 Apr 2026
177 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
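"EchoLeak" (CVE-2025-32711), a zero-click RCE in Microsoft 365 Copilot, has been demonstrated. With a single poisoned email, the AI sends confidential data outside. It triggers with zero user interaction. A warning that "the risks of enterprise AI × email integration have been underestimated"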
@neural_nw_ai
2 Apr 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2026. AI agents hacked directly. prompt injection is a confirmed exploit. microsoft copilot "echoleak" (cve-2025-32711) foreshadowed this. unit 42 confirms new "in-the-wild" attacks in 2026. your agent becomes the attacker's tool. understand this vulnerability now.
@The_Agent_Econ
27 Mar 2026
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
one hacker just hit your ai agent. 56% of attacks are prompt injection. cve-2025-32711 'echoleak' means zero-click. your servicenow agent could be next. audit every ai input. secure your stack.
@The_Agent_Econ
26 Mar 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
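🥜✉️📂 Two Microsoft 365 Copilot issues that have lately been discussed together ✉️EchoLeak CVE-2025-32711 📂CW1226324 Looking at the causes technically, they turned out to be problems at completely different layers EchoLeak (patched June 2025) with zero-click prompt injection, 1 malicious email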
@yuzuno_oobaka
25 Feb 2026
117 Impressions
0 Retweets
1 Like
0 Bookmarks
7 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-32711 2 - CVE-2026-1731 3 - CVE-2025-61732 4 - CVE-2026-20817 5 - CVE-2026-25526 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Feb 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
1 Feb 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
29 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
27 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
26 Jan 2026
73 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
24 Jan 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
23 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
22 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
20 Jan 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
19 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-20198 2 - CVE-2025-32711 3 - CVE-2025-20393 4 - CVE-2025-61728 5 - CVE-2026-22812 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Jan 2026
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 EchoLeak: The invisible threat inside Microsoft 365 Copilot! **What people saw:** A routine Copilot feature in Microsoft 365, seamlessly assisting employees with day-to-day tasks, seemed benign. **What was actually happening:** EchoLeak (CVE-2025-32711), a critical https:/
@photogrim_
14 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
14 Jan 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
10 Jan 2026
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
7 Jan 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
5 Jan 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
1 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
29 Dec 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
25 Dec 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
21 Dec 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
17 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
14 Dec 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
8 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
5 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
2 Dec 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/naIEPV5aBD "
@raisinadialogue
30 Nov 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
29 Nov 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
24 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
20 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7 "
@orfonline
20 Nov 2025
339 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
19 Nov 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Zero-click #LLM attacks are here. #EchoLeak (CVE-2025-32711) hijacked #Microsoft Copilot with no user action. Hidden prompts → scope violation → silent data exfiltration. Protect with: patching, strict filters, least-privilege, monitoring, red-team tests. #AIsecurity #
@consult_secnuo
18 Nov 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
EchoLeak (CVE-2025-32711) proves agentic #AI threats are no longer theoretical, says @radware's Pascal Geenens. Hidden prompt injections in routine tasks can exfiltrate enterprise data via Copilot or chat agents. #cybersecurity #infosec #ITsecurity https://t.co/kxpwhC6XUR
@SCMagazine
16 Nov 2025
678 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/naIEPV5aBD "
@raisinadialogue
12 Nov 2025
168 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24200 2 - CVE-2025-32711 3 - CVE-2013-3219 4 - CVE-2021-4034 5 - CVE-2007-6249 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Nov 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRawjgC
@ORFMumbai
10 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz "
@orfonline
9 Nov 2025
396 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRavLr4
@ORFMumbai
4 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRavLr4
@ORFMumbai
1 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRawjgC
@ORFMumbai
24 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7 "
@orfonline
22 Oct 2025
356 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRawjgC
@ORFMumbai
22 Oct 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft 365 Copilot Flaw Explained: How 'EchoLeak' (CVE-2025-32711) Steals Your Data with a Single Email Read the full report on - https://t.co/K92u6IBvOC https://t.co/XK2RTFdqxl
@cyberbivash
21 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRavLr4
@ORFMumbai
21 Oct 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E4A390D9-7457-430A-82CC-A24DA275BF06",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]