- AIM Labs safety researchers discovered a lack of violation of the LLM scope in Microsoft 365 COPILOT
- The critical severity bug allows threats to exfiltrate sensitive business data by sending an email
- Microsoft says he has solved the server problem, but users should be on the guard
Microsoft has set a dangerous zero attack click in its model generator of artificial intelligence (GENAI) which could have allowed the actors to threaten to silently exfiltrate sensitive business data without (almost) no user interaction.
Cybersecurity researchers target laboratories, which found the defect, known as “violation of the range of the LLM”, and nicknamed Echoleak.
Here is how it works: a threat player sends an apparently harmless electronic message to the target, which contains a hidden prompt that asks Copilot to exfiltrate sensitive data to a server controlled by the attacker. Since Copilot is integrated into Microsoft 365, this data may include everything, intellectual property files, commercial contracts and legal documents, or internal communications to financial data.
Critical vulnerability
The researchers note that the invite must be formulated as to speak to a human, so that it bypassing the XPIA defenses of Microsoft (attack by cross injection).
Later, when the victim interacts with Copilot and asks a question related to the company, the LLM will draw all the relevant data (including the electronic message of the attackers) and will eventually execute it. The files are stored in a made link or an image.
The bug received the CVE-2025-32711 identifier and received a 9.3 / 10 (critic) gravity score. It was fixed on the server side in May, which means that users have nothing to do. Microsoft also said that there was no evidence that the flaw had been exploited in the past and that none of its customers has been affected.
Microsoft 365 is one of the most popular communications and online collaboration tools based on the cloud, combining Office (Word, Excel and others) applications), Cloud (OneDrive and SharePoint), email and calendar (Outlook, Exchange) and communication tools (teams).
Recently, Microsoft has integrated its generative AI model, Copilot, in Microsoft 365, allowing users to write and summarize emails, generate and modify documents, create data visualizations and analyze trends, and more.
Via Bleeping Compompute
