What is CVE-2025-32711?

A critical vulnerability in Microsoft 365 Copilot allows unauthorized attackers to exploit AI command injection, resulting in potential information disclosure. Immediate patching is necessary to mitigate risks associated with this vulnerability.

What is the severity of CVE-2025-32711?

CVE-2025-32711 has a severity rating of CRITICAL with a CVSS base score of 9.3.

CVE-2025-32711 | Critical Vulnerability in Microsoft 365 Copilot

CVE-2025-32711 is a critical vulnerability affecting Microsoft 365 Copilot, with a CVSS score of 9.3. This vulnerability allows unauthorized attackers to disclose information over a network through AI command injection. The severity of this vulnerability is significant, as it can lead to unauthorized data exposure.

Organizations utilizing Microsoft 365 Copilot are at risk, particularly due to the network-based attack vector and low attack complexity. Attackers may leverage this vulnerability to gain access to sensitive information, making it imperative for organizations to prioritize their security posture.

Currently, this vulnerability has known exploitability, and organizations should take immediate actions to mitigate the associated risks. Organizations should prioritize patching immediately.

As this vulnerability has not been included in the KEV catalog, the urgency to patch remains critical for all impacted users.

This vulnerability represents a significant risk, and organizations must be proactive in addressing it to safeguard their data and operations.

Vulnerability Details

CVE-2025-32711 is classified as an AI command injection vulnerability in Microsoft 365 Copilot. The official description states that it allows an unauthorized attacker to disclose information over a network.

The CVSS score for this vulnerability is 9.3, indicating a critical severity level. The attack vector is classified as network-based, with low attack complexity, requiring no privileges and no user interaction.

The confidentiality impact is rated as high, while the integrity impact is low and the availability impact is none. This vulnerability is linked to CWE-74.

Technical Analysis

The root cause of CVE-2025-32711 is a flaw in the handling of AI commands within Microsoft 365 Copilot, which allows attackers to inject unauthorized commands. The attack vector is network-based, meaning that an attacker can exploit it remotely without physical access to the system.

The attack complexity is low, indicating that the vulnerability can be exploited easily by an attacker without specialized knowledge. Privileges required are none, and user interaction is also not required, making it more accessible for potential exploitation.

The confidentiality impact is high, meaning sensitive data could be disclosed as a result of this vulnerability. The integrity impact is low, suggesting that data modification is less likely, while the availability impact is none.

Organizations must be vigilant in monitoring their environments for signs of exploitation, especially focusing on unauthorized access attempts or anomalies related to AI command handling.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive information, leading to data breaches and compliance issues. The blast radius is significant, particularly for organizations that rely heavily on Microsoft 365 Copilot for operations.

The urgency for organizations to address this vulnerability is high due to its critical severity rating. Organizations should address in priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is Microsoft 365 Copilot. All versions prior to vendor patch are vulnerable to CVE-2025-32711.

Mitigation & Remediation

Organizations should immediately apply security patches provided by Microsoft to mitigate this vulnerability. For detailed guidance on patching, organizations can refer to the penetration testing. If a patch is unavailable, organizations should implement appropriate configuration hardening and monitoring controls.

Detection Guidance

Organizations should monitor logs for indicators of unauthorized access related to Microsoft 365 Copilot. Behavioral anomalies and unusual network traffic patterns should also be investigated closely.

AppSecure Threat Intelligence Insight

CVE-2025-32711 highlights the ongoing need for organizations to prioritize security measures surrounding AI systems. As these technologies become more prevalent, the potential for exploitation increases, necessitating robust security practices.

Organizations should continuously evaluate their security frameworks to address vulnerabilities proactively. For more insights on securing AI systems, refer to our AI security services and consider implementing a comprehensive penetration testing methodology to identify weaknesses.

Furthermore, understanding the risk landscape and incorporating lessons learned from incidents can help organizations build resilience against future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-32711: Critical Vulnerability in Microsoft 365 Copilot