Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data

Information

Microsoft 365 Copilot is an AI assistant powered by generative AI and deeply integrated into Microsoft 365 applications such as Word, Excel, PowerPoint, Outlook and Teams. Copilot is designed to boost productivity by helping users create content, analyze data, manage communications and collaborate more effectively.

Incident

A critical zero-click vulnerability, EchoLeak (CVE-2025-32711), allows attackers to exfiltrate sensitive data from Microsoft 365 Copilot without any user interaction. It carries a CVSS score of 9.3.

This vulnerability, discovered by Aim Security, is categorized as an LLM Scope Violation: malicious prompts embedded in seemingly harmless content (e.g., emails) trick Copilot into accessing and processing privileged data.

The attack embeds a malicious payload in markdown-formatted content, which is then parsed by Copilot's RAG engine, causing it to leak sensitive information via Microsoft Teams and SharePoint URLs.

 

Picture 1: Overview of the attack chain

EchoLeak exploits Copilot's default behavior of combining content from various sources without isolating trust boundaries, turning automation into a silent data leak; no user clicks are required to trigger the attack.

The vulnerability leverages Copilot's internal document access privileges, allowing attackers to indirectly influence data retrieval and ranking through payload prompts placed in sources such as emails or meeting notes; it works in both single-turn and multi-turn conversations.

Separate vulnerabilities were also disclosed, including tool poisoning attacks affecting the Model Context Protocol (MCP), which can lead to advanced tool poisoning attacks (ATPAs) in which fake error messages trick LLMs into accessing sensitive data.
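A defensive check for the markdown-borne leak described above, added here as an example and not code from the page, Aim Security or Microsoft: it scans assistant output (or content retrieved for it) for markdown links, images and reference definitions and flags targets that are off an assumed tenant allowlist or that carry a query string long enough to smuggle retrieved text. Because the page notes that the data left through Teams and SharePoint URLs, a host allowlist alone is not enough; the query-length check is what covers that case. The ALLOWED_HOSTS set and SAMPLE_OUTPUT are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed tenant allowlist of hosts the assistant may legitimately link to (constructed).
ALLOWED_HOSTS = {"teams.microsoft.com", "contoso.sharepoint.com"}

# Inline links and images: [text](url) / ![alt](url); reference definitions: [id]: url
INLINE_RE = re.compile(r"(!?)\[[^\]]*\]\(\s*(<[^>]*>|[^\s)]+)")
REFDEF_RE = re.compile(r"^\s*\[[^\]]+\]:\s*(\S+)", re.MULTILINE)

def scan_markdown_links(markdown, allowed_hosts=ALLOWED_HOSTS, max_query_len=64):
    """Return one finding per link/image that is off the allowlist or whose query
    string is long enough to carry retrieved content out of the tenant."""
    targets = [("image" if bang else "link", url.strip("<>"))
               for bang, url in INLINE_RE.findall(markdown)]
    targets += [("refdef", url) for url in REFDEF_RE.findall(markdown)]
    findings = []
    for kind, url in targets:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # relative and mailto: targets are not an egress channel here
        host = (parts.hostname or "").lower()
        reasons = []
        if host not in allowed_hosts:
            reasons.append("host not allowlisted")
        if len(parts.query) > max_query_len:
            reasons.append("long query string (%d chars)" % len(parts.query))
        if kind == "image" and parts.query:
            reasons.append("image with parameters is fetched without a click")
        if reasons:
            findings.append({"kind": kind, "host": host, "url": url, "reasons": reasons})
    return findings

# Constructed sample of assistant output: a legitimate deck link, an image whose
# parameters carry 90 characters of smuggled text, and a hidden reference definition.
SAMPLE_OUTPUT = (
    "Here is the summary you asked for.\n"
    "![status](https://contoso.sharepoint.com/sites/plan/chart.png?note=" + "A" * 90 + ")\n"
    "See [the deck](https://contoso.sharepoint.com/sites/plan/deck.pptx).\n"
    "[1]: https://collector.example.net/p?x=1\n"
)

if __name__ == "__main__":
    for finding in scan_markdown_links(SAMPLE_OUTPUT):
        print(finding["kind"], finding["host"], "; ".join(finding["reasons"]))
```

Run it as a gate on rendered output or as a scanner over inbound content before it is indexed; the allowlisted image is still flagged because of its 95-character query string.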

Recommendation

Microsoft published an advisory stating that EchoLeak has been fully addressed on the server side and that “no customer action is required.”


Security systems remain important; continue to monitor them as usual.
For more information please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)
0613879439 (Ms. Sirilak)
0922576902 (Ms. Narusorn)

 

Reference

Weekly Interesting CVE

1. CVE-2025-32434
   Published Date: 18/4/2025
   Last Update: 28/5/2025
   Device/Application/OS Target: PyTorch version 2.5.1 and prior
   Attack Type: Remote Code Execution
   CVSS Severity Rating: 9.8
   Detail: PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True.
   Solution: Update to version 2.6.0.
   Reference:
   https://app.opencve.io/cve/CVE-2025-32434
   https://nvd.nist.gov/vuln/detail/CVE-2025-32434

2. CVE-2024-57049
   Published Date: 18/2/2025
   Last Update: 6/6/2025
   Device/Application/OS Target: TP-Link Archer C20 router with firmware version V6.6_230412 and earlier
   Attack Type: Improper Authentication
   CVSS Severity Rating: 9.8
   Detail: A vulnerability in the TP-Link Archer C20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When Referer: http://tplinkwifi.net is added to the request, the request is treated as having passed authentication.
   Solution: Update the firmware to a version higher than V6.6_230412.
   Reference:
   https://app.opencve.io/cve/CVE-2024-57049
   https://nvd.nist.gov/vuln/detail/CVE-2024-57049

3. CVE-2024-0212
   Published Date: 29/1/2024
   Last Update: 6/6/2025
   Device/Application/OS Target: Cloudflare WordPress plugin version 4.12.2 and below
   Attack Type: Improper Authentication
   CVSS Severity Rating: 8.1
   Detail: The Cloudflare WordPress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower-privileged account to access data from the Cloudflare API.
   Solution: Update to version 4.12.3.
   Reference:
   https://app.opencve.io/cve/CVE-2024-0212
   https://nvd.nist.gov/vuln/detail/CVE-2024-0212
   https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2

4. CVE-2025-31201
   Published Date: 16/4/2025
   Last Update: 6/6/2025
   Device/Application/OS Target: Versions prior to tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1
   Attack Type: Improper Authentication
   CVSS Severity Rating: 7.5
   Detail: An attacker with arbitrary read and write capabilities may be able to bypass pointer authentication. Apple is aware of reports that this issue could be exploited in highly sophisticated attacks against specific targets on iOS.
   Solution: Update to tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, or macOS Sequoia 15.4.1.
   Reference:
   https://app.opencve.io/cve/CVE-2025-31201

5. CVE-2024-48019
   Published Date: 4/2/2025
   Last Update: 7/2/2025
   Device/Application/OS Target: Apache Doris versions prior to 2.1.8
   Attack Type: Path Traversal
   CVSS Severity Rating: 5.4
   Detail: A restricted-directory path ('path traversal') vulnerability in Apache Doris makes files or directories accessible to a remote party. An application administrator can read arbitrary files from the server's file system via path traversal.
   Solution: Upgrade to version 2.1.8, 3.0.3 or later.
   Reference:
   https://app.opencve.io/cve/CVE-2024-48019
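A detection heuristic for row 2 (CVE-2024-57049), added here as an example and not code from the page, TP-Link or the CVE references: it runs over constructed HTTP request records and flags /cgi requests whose Referer claims tplinkwifi.net while the Host header shows the device was reached another way, or that originate outside the management LAN. In normal UI use the browser sends a Referer that agrees with the Host it is talking to, so a mismatch is the tell; the record schema, the 192.168.0.0/24 LAN and the sample paths are assumptions.

```python
import json
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Assumed management LAN the router is administered from (constructed).
MGMT_LAN = ip_network("192.168.0.0/24")

# Constructed request records in a simplified JSON shape of this example's own:
# src = client IP, host = Host header, uri = request path, referer = Referer header.
SAMPLE_LOG = """
{"src": "192.168.0.23", "host": "tplinkwifi.net", "uri": "/cgi/sample_a", "referer": "http://tplinkwifi.net/mainFrame.htm"}
{"src": "192.168.0.23", "host": "192.168.0.1", "uri": "/cgi/sample_a", "referer": "http://192.168.0.1/"}
{"src": "203.0.113.9", "host": "192.168.0.1", "uri": "/cgi/sample_b", "referer": "http://tplinkwifi.net"}
{"src": "192.168.0.50", "host": "192.168.0.1", "uri": "/cgi/sample_a", "referer": "http://tplinkwifi.net"}
{"src": "192.168.0.50", "host": "192.168.0.1", "uri": "/index.htm", "referer": ""}
"""

def suspicious_cgi_reasons(rec):
    """Heuristic for CVE-2024-57049-style requests: a /cgi call whose Referer names
    tplinkwifi.net although the Host header shows the client reached the device
    another way, or a /cgi call that does not come from the management LAN."""
    if not rec["uri"].startswith("/cgi"):
        return []
    ref_host = (urlsplit(rec["referer"]).hostname or "").lower()
    reasons = []
    if ref_host == "tplinkwifi.net" and rec["host"].lower() != ref_host:
        reasons.append("Referer names tplinkwifi.net but Host is %s" % rec["host"])
    if ip_address(rec["src"]) not in MGMT_LAN:
        reasons.append("management request from outside %s" % MGMT_LAN)
    return reasons

def scan_log(text):
    """Return (src, uri, reasons) for every record the heuristic flags."""
    hits = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        reasons = suspicious_cgi_reasons(rec)
        if reasons:
            hits.append((rec["src"], rec["uri"], reasons))
    return hits

if __name__ == "__main__":
    for src, uri, reasons in scan_log(SAMPLE_LOG):
        print(src, uri, "; ".join(reasons))
```

The two legitimate UI sessions (Referer and Host consistent, LAN source) pass; the external request and the forged-Referer LAN request are flagged. Pair this with the firmware update in the Solution column, since detection does not close the bypass.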

 

 

Malware News or Campaign IOC/IOA | EN

1. Campaign Name: New Mirai botnet infect TBK DVR devices via command injection flaw
   Detection Date: 07/06/2025
   Attack Type: Botnet, information-stealer
   Description:
   A new strain of the Mirai botnet malware has been found spreading on video recorder devices, including the TBK DVR-4104 and DVR-4216, by exploiting the CVE-2024-3721 vulnerability, which allows attackers to gain access to the devices and plant the Mirai malware.
   Once installed, the malware connects to its C2 server to register as a bot and waits for DDoS attack commands issued by the attacker.
   Researchers found Mirai attacks spreading to China, India, Egypt, Ukraine, Russia, Turkey and Brazil, targeting vulnerable devices.
   Mitigation/Remediation:
   • Inventory the devices within the organization and monitor for suspicious traffic.
   • Apply the latest firmware patches.
   • Deploy antivirus.
   Ref: https://www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/

 

24 June 2025
