CVE-2025-32711

CRITICAL

Microsoft 365 Copilot - AI Command Injection

Exploitation Summary

EIP tracks 4 public exploits for CVE-2025-32711. PoCs published by daryllundy, Danielossai12, TreRB.

AI-analyzed exploit summary

This repository contains PowerShell-based detection and remediation tools for CVE-2025-32711 (EchoLeak), a zero-click vulnerability in Microsoft 365 Copilot. The scripts analyze email patterns, audit logs, and security configurations to identify potential exploitation and apply mitigations.

Description

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Exploits (4)

nomisec · SCANNER · 3 stars
by daryllundy · poc
https://github.com/daryllundy/cve-2025-32711

This repository contains PowerShell-based detection and remediation tools for CVE-2025-32711 (EchoLeak), a zero-click vulnerability in Microsoft 365 Copilot. The scripts analyze email patterns, audit logs, and security configurations to identify potential exploitation and apply mitigations.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft 365 Copilot
Auth required
Prerequisites: Administrative privileges on the system · Microsoft 365 PowerShell modules installed · Access to Microsoft 365 environment
devstral-2 · analyzed Feb 16, 2026

nomisec · WRITEUP
by Danielossai12 · poc
https://github.com/Danielossai12/aisecplus-week01-danielossai

This repository provides a detailed technical analysis of CVE-2025-32711, a zero-click indirect prompt injection vulnerability in Microsoft 365 Copilot. It explains the attack chain, including bypasses for XPIA classifiers, link redaction, auto-fetched images, and CSP via Teams proxy, leading to silent data exfiltration.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: Microsoft 365 Copilot
No auth needed
Prerequisites: Crafted email with malicious instructions · Microsoft 365 Copilot enabled
devstral-2 · analyzed Jun 14, 2026

nomisec · WORKING POC
by TreRB · poc
https://github.com/TreRB/markdown-exfil-tester

This repository contains a functional black-box testing tool for CVE-2025-32711, which exploits indirect prompt injection leading to markdown/HTML exfiltration in LLM-backed chatbots. It launches a headless browser, spins up a local HTTP sink, and delivers payloads to test whether the chatbot frontend fetches attacker-controlled URLs, confirming the vulnerability.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: LLM-backed chatbots (e.g., Microsoft 365 Copilot, ChatGPT, Salesforce)
Auth required
Prerequisites: access to the target chatbot · authorization to test the chatbot
devstral-2 · analyzed Apr 20, 2026

gitlab · SCANNER
by daryllundy · poc
https://gitlab.com/daryllundy/cve-2025-32711

This repository contains PowerShell scripts for detecting and remediating CVE-2025-32711 (EchoLeak), a zero-click vulnerability in Microsoft 365 Copilot. The scripts focus on identifying suspicious email patterns and security misconfigurations rather than exploiting the vulnerability.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft 365 Copilot
Auth required
Prerequisites: Administrative privileges on the system · Microsoft 365 PowerShell modules (ExchangeOnlineManagement, Microsoft.Graph, AzureAD)
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 9.3
EPSS: 0.0463
EPSS Percentile: 90.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-74
Status: published
Products (1): microsoft/365_copilot
Published: Jun 11, 2025
Tracked Since: Feb 18, 2026