PT-2025-25212 · Microsoft · M365 Copilot
Es7Evam +1 · Published 2025-06-11 · Updated 2026-03-26
CVE-2025-32711 · CVSS v3.1 9.3 Critical · AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot versions prior to the fix released in May 2025
Description: A zero-click AI command injection issue, known as EchoLeak (CVE-2025-32711), affects Microsoft 365 Copilot. It allows an unauthenticated, remote attacker to disclose information over a network without any user interaction. The root cause is a lack of isolation between trust boundaries within Copilot: instructions embedded in an email that Copilot later processes can cause it to exfiltrate sensitive data from the user's context. The attack chains prompt injection, automatic tool invocation, and techniques such as CSP bypass and ASCII smuggling. Researchers at Aim Labs discovered the vulnerability in January 2025 and reported it to Microsoft, which addressed it server-side in May 2025. This is the first known zero-click attack targeting agentic AI systems.
Recommendations: Ensure Microsoft 365 Copilot is updated to the version released in May 2025 or later to address this vulnerability.
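The ASCII smuggling technique named in the description hides text in Unicode "Tag" characters (U+E0000..U+E007F), which most renderers do not display, so a human reader sees a harmless email while a model ingests extra instructions. The following added example (not from the advisory, Microsoft or Aim Labs) shows a defensive pre-filter: it scans a message for tag characters, recovers what they encode for logging, and strips them before the text reaches any model or tool. The sample email is constructed; function names are the example's own.

```python
import re
import unicodedata

# Unicode "Tags" block. U+E0020..U+E007E mirror printable ASCII 0x20..0x7E one-to-one;
# U+E0001 (language tag) and U+E007F (cancel tag) are control points in the same block.
TAG_BLOCK = re.compile("[\U000E0000-\U000E007F]")
TAG_ASCII_LO, TAG_ASCII_HI = 0xE0020, 0xE007E


def decode_smuggled_text(text: str) -> str:
    """Return the printable ASCII hidden in tag characters (empty string if none)."""
    return "".join(
        chr(ord(ch) - 0xE0000)
        for ch in text
        if TAG_ASCII_LO <= ord(ch) <= TAG_ASCII_HI
    )


def strip_tag_chars(text: str) -> str:
    """Remove every tag-block code point so only the visible text remains."""
    return TAG_BLOCK.sub("", text)


def scan_message(text: str) -> dict:
    """Inspect one message body before it is handed to a model or a tool.

    'tag_chars' counts all tag-block code points (including language/cancel tags),
    'other_invisible' counts remaining format characters (category Cf, e.g. zero-width
    spaces) as a secondary signal, 'hidden_text' is what the tag characters spell out.
    """
    tag_chars = len(TAG_BLOCK.findall(text))
    other_invisible = sum(
        1 for ch in text
        if unicodedata.category(ch) == "Cf" and not TAG_BLOCK.match(ch)
    )
    return {
        "tag_chars": tag_chars,
        "other_invisible": other_invisible,
        "hidden_text": decode_smuggled_text(text),
        "visible_text": strip_tag_chars(text),
        "suspicious": tag_chars > 0,
    }


# Constructed sample: a normal-looking sentence followed by the word "hidden" encoded as
# tag characters and terminated with a cancel tag (U+E007F).
SAMPLE_EMAIL = (
    "Hi team, please review the Q2 budget."
    "\U000E0068\U000E0069\U000E0064\U000E0064\U000E0065\U000E006E\U000E007F"
)
```

In a mail pipeline the check belongs at ingestion, so that `visible_text` is what gets indexed for the assistant and `hidden_text` is what gets logged for the SOC.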

Fix

RCE

Command Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06696
CVE-2025-32711

Affected Products

M365 Copilot