AI description
CVE-2025-32711 is a command injection vulnerability affecting Microsoft 365 Copilot. It allows an unauthorized attacker to disclose information over a network. The vulnerability, dubbed "EchoLeak," is a zero-click AI vulnerability, meaning it can be exploited without any user interaction. The attack involves embedding a malicious prompt payload within markdown-formatted content, such as an email. When the AI system's retrieval-augmented generation (RAG) engine parses this content, the payload silently triggers the LLM to extract and return private information from the user's current context. This could potentially expose sensitive data, including chat histories, OneDrive documents, SharePoint content, and Teams conversations. Microsoft has addressed this vulnerability.
- Description
- Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- CNA Tags
- exclusively-hosted-service
- Products
- 365_copilot
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- secure@microsoft.com
- CWE-77
- Hype score
- Not currently trending
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
26 Jan 2026
73 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
24 Jan 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
23 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
22 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
20 Jan 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
19 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-20198 2 - CVE-2025-32711 3 - CVE-2025-20393 4 - CVE-2025-61728 5 - CVE-2026-22812 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Jan 2026
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 EchoLeak: The invisible threat inside Microsoft 365 Copilot! **What people saw:** A routine Copilot feature in Microsoft 365, seamlessly assisting employees with day-to-day tasks, seemed benign. **What was actually happening:** EchoLeak (CVE-2025-32711), a critical https:/
@photogrim_
14 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
14 Jan 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
10 Jan 2026
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
7 Jan 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
5 Jan 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
1 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
29 Dec 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
25 Dec 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
21 Dec 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
17 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
14 Dec 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
8 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
5 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
2 Dec 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/naIEPV5aBD "
@raisinadialogue
30 Nov 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
29 Nov 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
24 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
20 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7 "
@orfonline
20 Nov 2025
339 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
19 Nov 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Zero-click #LLM attacks are here. #EchoLeak (CVE-2025-32711) hijacked #Microsoft Copilot with no user action. Hidden prompts → scope violation → silent data exfiltration. Protect with: patching, strict filters, least-privilege, monitoring, red-team tests. #AIsecurity #
@consult_secnuo
18 Nov 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
EchoLeak (CVE-2025-32711) proves agentic #AI threats are no longer theoretical, says @radware's Pascal Geenens. Hidden prompt injections in routine tasks can exfiltrate enterprise data via Copilot or chat agents. #cybersecurity #infosec #ITsecurity https://t.co/kxpwhC6XUR
@SCMagazine
16 Nov 2025
678 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/naIEPV5aBD "
@raisinadialogue
12 Nov 2025
168 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24200 2 - CVE-2025-32711 3 - CVE-2013-3219 4 - CVE-2021-4034 5 - CVE-2007-6249 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Nov 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRawjgC
@ORFMumbai
10 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz "
@orfonline
9 Nov 2025
396 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRavLr4
@ORFMumbai
4 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRavLr4
@ORFMumbai
1 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRawjgC
@ORFMumbai
24 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7 "
@orfonline
22 Oct 2025
356 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRawjgC
@ORFMumbai
22 Oct 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft 365 Copilot Flaw Explained: How 'EchoLeak' (CVE-2025-32711) Steals Your Data with a Single Email Read the full report on - https://t.co/K92u6IBvOC https://t.co/XK2RTFdqxl
@cyberbivash
21 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/mGCZRavLr4
@ORFMumbai
21 Oct 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7
@orfonline
19 Oct 2025
416 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
@orfonline
18 Oct 2025
518 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
@orfonline
17 Oct 2025
353 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
@orfonline
17 Oct 2025
394 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
@orfonline
16 Oct 2025
318 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7
@orfonline
16 Oct 2025
357 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
@orfonline
16 Oct 2025
394 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7
@orfonline
15 Oct 2025
372 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7
@orfonline
14 Oct 2025
349 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
@orfonline
14 Oct 2025
177 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4A390D9-7457-430A-82CC-A24DA275BF06"
}
],
"operator": "OR"
}
]
}
]