Microsoft 365 Copilot BizChat
by Microsoft
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32711 | | Cri | 0.61 | 9.3 | 0.06 | | Jun 11, 2025 | Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-24299 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-21521 | | | 0.00 | — | 0.01 | | Jan 22, 2026 | Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-24307 | | | 0.00 | — | 0.01 | | Jan 22, 2026 | Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-59286 | | | 0.00 | — | 0.01 | | Oct 9, 2025 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-59272 | | | 0.00 | — | 0.01 | | Oct 9, 2025 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. |
| CVE-2025-59252 | | | 0.00 | — | 0.01 | | Oct 9, 2025 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-53787 | | | 0.00 | — | 0.01 | | Aug 7, 2025 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| CVE-2025-53774 | | | 0.00 | — | 0.01 | | Aug 7, 2025 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |