Vulnerability intelligence
CVE-2025-32711
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
9.3
Critical
EPSS — Exploit Probability
19%
Riskier than 96% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
Patch available
Vendor fix published
1 article across 1 outlet · first covered May 4, 2026 · latest May 4, 2026
Associated threat actors
Coverage timeline
-
AI Powered Scams Rise as Deepfake Calls Cost Firms Millionssocradar.io · May 4, 2026