AI description
CVE-2025-32711 is a command injection vulnerability affecting Microsoft 365 Copilot. It allows an unauthorized attacker to disclose information over a network. The vulnerability, dubbed "EchoLeak," is a zero-click AI vulnerability, meaning it can be exploited without any user interaction. The attack involves embedding a malicious prompt payload within markdown-formatted content, such as an email. When the AI system's retrieval-augmented generation (RAG) engine parses this content, the payload silently triggers the LLM to extract and return private information from the user's current context. This could potentially expose sensitive data, including chat histories, OneDrive documents, SharePoint content, and Teams conversations. Microsoft has addressed this vulnerability.
- Description: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- Source: secure@microsoft.com
- NVD status: Modified
- CNA Tags: exclusively-hosted-service
- Products: 365_copilot
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- secure@microsoft.com: CWE-74
- Hype score: Not currently trending
Per updated guidance: with the zero-click EchoLeak flaw (CVE-2025-32711) exfiltrating data from Microsoft 365 Copilot via prompt injection, OIT has resolved the risk by instructing Copilot, in writing, to disregard malicious prompts. We trust it will comply. #AIPolicy #InfoSec
@Fake_AlabamaOIT
17 Jun 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Three AI assistants, same bug, different vendors: • EchoLeak (MS365 Copilot, CVE-2025-32711) • CamoLeak (GitHub Copilot, CVE-2025-59145) • GitLab Duo Each: hidden text in content the AI ingests → the AI uses its own access to pull a secret → the secret ends up in th
@OHS1327
15 Jun 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OWASP ranks prompt injection as the #1 risk for LLM apps (LLM01:2025). The dangerous half is indirect: your app reads a webpage, a PDF, an email — and a hidden instruction inside hijacks your AI. The user types nothing malicious. Not theoretical: • EchoLeak (CVE-2025-32711)
@OHS1327
13 Jun 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AI agents are now phishing targets. EchoLeak (CVE-2025-32711) was a phishing attack with no human to phish. A hidden instruction in an email, Copilot’s own retrieval pulls it in, and SharePoint/OneDrive/Teams data walks out through an image URL. Nobody clicked anything. The ma
@clavitorai
13 Jun 2026
185 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zero clicks. One email. CVSS 9.3. EchoLeak (CVE-2025-32711): M365 Copilot exfiltrated internal files. It chained past Microsoft's own injection classifier. The voxpage defense stack starts from this benchmark. #AI #BuildingInPublic https://t.co/WKCqJdjxfL
@Caio__Cunha
11 Jun 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A single email breached Microsoft 365 Copilot. The target opened nothing. Clicked nothing. Copilot indexed the inbox, read the hidden instructions, and quietly exfiltrated the user's files. CVE-2025-32711. 9.3 critical. The first no-action CVE in Microsoft's history. https://t.
@soyousay
11 Jun 2026
206 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-53773 2 - CVE-2025-32711 3 - CVE-2022-0492 4 - CVE-2024-21182 5 - CVE-2026-0257 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Jun 2026
101 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
We’re securing the world with tools dumber than a phishing link They keep calling AI the future of cybersecurity… Meanwhile one sneaky email turned Microsoft 365 Copilot into a zero-click data thief (CVE-2025-32711, 9.3 severity). It silently ships your company secrets to
@proofofpatch
30 May 2026
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EchoLeak (CVE-2025-32711) is the most underrated story in security this year: 1. attacker emails you something with hidden instructions 2. you ask m365 copilot to summarize your inbox 3. copilot reads the email, follows the instructions, silently sends your sensitive docs out
@crypto_fools
27 May 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"The LLM is being used against itself in making sure that the MOST sensitive data from the LLM context is being leaked." Aim Labs on EchoLeak (CVE-2025-32711, M365 Copilot, June 2025). The inference-path failure mode in one line. https://t.co/EdFPMYPTJg https://t.co/k1CsXJStOG
@Hevalon
22 May 2026
327 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
Microsoft Copilot's EchoLeak (CVE-2025-32711) weaponizes a single email. One line in a shared doc gives RCE with Copilot's permissions and silent corporate data exfiltration. Real production exploit. Not theoretical. Teams using Copilot: how far have you locked down
@NYsquaredAI
10 Apr 2026
192 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
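Microsoft Copilot's EchoLeak (CVE-2025-32711). It is a mechanism by which internal corporate data is sent outside the company by a single malicious email. One line planted in a shared document triggers RCE with Copilot's permissions. To those at companies that have deployed Copilot: via email, the internal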
@NYsquaredAI
10 Apr 2026
177 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
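The zero-click RCE "EchoLeak" (CVE-2025-32711) in Microsoft 365 Copilot has been demonstrated. With a single poisoned email, the AI sends confidential data outside the company. Triggered with zero user interaction. A warning that "we have underestimated the risk of enterprise AI × email integration" has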
@neural_nw_ai
2 Apr 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2026. AI agents hacked directly. prompt injection is a confirmed exploit. microsoft copilot "echoleak" (cve-2025-32711) foreshadowed this. unit 42 confirms new "in-the-wild" attacks in 2026. your agent becomes the attacker's tool. understand this vulnerability now.
@The_Agent_Econ
27 Mar 2026
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
one hacker just hit your ai agent. 56% of attacks are prompt injection. cve-2025-32711 'echoleak' means zero-click. your servicenow agent could be next. audit every ai input. secure your stack.
@The_Agent_Econ
26 Mar 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
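🥜✉️📂 Two Microsoft 365 Copilot issues that have recently been discussed together ✉️EchoLeak CVE-2025-32711 📂CW1226324 Looking at the causes technically, they turned out to be issues at completely different layers. EchoLeak (patched June 2025): with zero-click prompt injection, 1 malicious email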
@yuzuno_oobaka
25 Feb 2026
117 Impressions
0 Retweets
1 Like
0 Bookmarks
7 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-32711 2 - CVE-2026-1731 3 - CVE-2025-61732 4 - CVE-2026-20817 5 - CVE-2026-25526 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Feb 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXKtH
@orfgeotech
1 Feb 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/kaifoaXcE9
@orfgeotech
20 Jan 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-20198 2 - CVE-2025-32711 3 - CVE-2025-20393 4 - CVE-2025-61728 5 - CVE-2026-22812 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Jan 2026
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 EchoLeak: The invisible threat inside Microsoft 365 Copilot! **What people saw:** A routine Copilot feature in Microsoft 365, seamlessly assisting employees with day-to-day tasks, seemed benign. **What was actually happening:** EchoLeak (CVE-2025-32711), a critical https:/
@photogrim_
14 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/naIEPV5aBD "
@raisinadialogue
30 Nov 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7 "
@orfonline
20 Nov 2025
339 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Zero-click #LLM attacks are here. #EchoLeak (CVE-2025-32711) hijacked #Microsoft Copilot with no user action. Hidden prompts → scope violation → silent data exfiltration. Protect with: patching, strict filters, least-privilege, monitoring, red-team tests. #AIsecurity #
@consult_secnuo
18 Nov 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
EchoLeak (CVE-2025-32711) proves agentic #AI threats are no longer theoretical, says @radware's Pascal Geenens. Hidden prompt injections in routine tasks can exfiltrate enterprise data via Copilot or chat agents. #cybersecurity #infosec #ITsecurity https://t.co/kxpwhC6XUR
@SCMagazine
16 Nov 2025
678 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
"The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/naIEPV5aBD "
@raisinadialogue
12 Nov 2025
168 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E4A390D9-7457-430A-82CC-A24DA275BF06",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]