CVE-2025-32711

CRITICAL

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVSS v3.1 Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Published: 6/11/2025Modified: 2/20/2026

Related Intelligence (1)

LOWSupply Chain

6 ways attackers abuse AI services to hack your business

Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as living off the AI land. “We’re seeing it in things like poisoned MCP servers in the supply chain, attackers using legit

CVE-2025-32711CVE-2026-25253

4h agoCSO Online

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711Vendor Advisory https://www.aim.security/lp/aim-labs-echoleak-m365