CVE-2025-32711

CRITICAL

CVSS v3

9.3

CRITICAL

EPSS Score

10.7%

exploit probability

CISA KEV

known exploited

Exploitation

—

SSVC status

Description

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Technical Details

CVSS v3 Vector: 3.1
Published: 6/11/2025
Last Modified: 2/20/2026

Frequently Asked Questions

What is CVE-2025-32711?

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Is CVE-2025-32711 actively exploited?

Active exploitation of CVE-2025-32711 has not been confirmed. The EPSS score is 10.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-32711?

CVE-2025-32711 has a CVSS v3 base score of 9.3 (CRITICAL severity), with vector string 3.1.

Is CVE-2025-32711 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IP Search CVEs

Back to CVE Database