Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

On June 12, 2025, cybersecurity experts disclosed a significant vulnerability known as EchoLeak, which has been classified as a “zero-click” artificial intelligence (AI) exploit. This flaw allows malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without the need for any user interaction. The vulnerability has been assigned the CVE identifier CVE-2025-32711 and carries a critical CVSS score of 9.3.

Microsoft has confirmed that this exploit has already been mitigated, ensuring that no user action is required to address the issue. Fortunately, there is currently no evidence to suggest that the vulnerability has been actively exploited by cybercriminals. The company, in a statement regarding the flaw, indicated that the AI command injection within M365 Copilot could permit unauthorized information disclosure over a network. Following this advisory, Microsoft has added the vulnerability to its Patch Tuesday list for June 2025, bringing the total number of rectified flaws to 68 in this release cycle.

The discovery and reporting of this critical vulnerability were conducted by Aim Security. Experts classify EchoLeak as an instance of a large language model (LLM) Scope Violation, which facilitates indirect prompt injection attacks. This type of attack exemplifies how sophisticated AI-driven systems can inadvertently expose sensitive data, emphasizing the need for stringent security measures within AI applications.

In terms of the potential tactics employed during this attack, it could be associated with various elements of the MITRE ATT&CK framework. Specifically, tactics such as initial access may apply, given that the vulnerability enables unauthorized access without user engagement. Additionally, techniques related to data exfiltration are also relevant, indicating how adversaries might exploit vulnerabilities to gain unauthorized information from systems.

The implications of such a vulnerability extend beyond immediate data exposure; they underscore a growing concern for organizations that utilize AI systems in their operations. Businesses must remain vigilant and proactive in their cybersecurity measures to protect against emerging threats. The current landscape of vulnerabilities necessitates a thorough examination of AI technology’s security frameworks, ensuring that organizations are not left vulnerable to potential exploitation.

As the cybersecurity landscape continues to evolve, incidents like EchoLeak serve as a critical reminder for business leaders to prioritize risk assessment and protection strategies, particularly in environments where sensitive information is processed. Striking a balance between leveraging advanced technologies and securing sensitive data will be paramount in navigating the complexities of modern cybersecurity challenges.

Source link

Related Posts

Apple Fixes Zero-Click Vulnerability in Messages App Used for Targeted Spyware Attacks on Journalists

June 13, 2025
Spyware / Vulnerability

Apple has revealed that a recently patched security flaw in its Messages app was actively exploited to carry out sophisticated cyber attacks on civil society members. Identified as CVE-2025-43200, the vulnerability was remedied on February 10, 2025, through updates to iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. According to the company, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” which was resolved with improved security checks. Apple also acknowledged awareness that this vulnerability may have been exploited in “extremely sophisticated” attacks targeting specific individuals. Notably, the updates for iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 also fixed another actively exploited zero-day vulnerability, CVE-2025-24200.

Ransomware Groups Exploit Unpatched SimpleHelp Vulnerabilities for Double Extortion Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on Thursday that ransomware criminals are taking advantage of unpatched SimpleHelp Remote Monitoring and Management (RMM) systems to compromise clients of an unnamed utility billing software provider. “This incident highlights a growing trend of ransomware groups exploiting unpatched versions of SimpleHelp RMM since January 2025,” the agency stated in an advisory. Earlier this year, SimpleHelp identified several vulnerabilities (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that could lead to information disclosure, privilege escalation, and remote code execution. These vulnerabilities have been actively exploited, including by ransomware groups like DragonForce, to breach specific targets. In a recent report, Sophos revealed that a Managed Service Provider’s SimpleHelp system was compromised by threat actors using these flaws.

Critical Vulnerability in TP-Link Routers (CVE-2023-33538) Under Active Exploitation, CISA Issues Urgent Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a critical security flaw affecting TP-Link wireless routers in its Known Exploited Vulnerabilities (KEV) catalog, highlighting evidence of ongoing exploitation. The vulnerability, identified as CVE-2023-33538 (CVSS score: 8.8), involves a command injection issue that could allow arbitrary system command execution when handling the ssid1 parameter in a specially crafted HTTP GET request. Affected models include the TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2, which expose this flaw through the /userRpm/WlanNetworkRpm component. CISA has warned that some impacted devices may be at end-of-life (EoL) or end-of-service (EoS), advising users to stop using them if no mitigations are available. Currently, there is limited public information on the nature of the active exploitation, including attack scale and targeted entities.

New Flodrix Botnet Variant Takes Advantage of Langflow AI Server RCE Vulnerability for DDoS Attacks

Cybersecurity researchers have identified a new campaign that actively exploits a recently revealed critical security flaw in Langflow to deploy the Flodrix botnet malware. According to Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed Ibrahim, Sunil Bharti, and Shubham Singh in their technical report, attackers are leveraging this vulnerability to execute downloader scripts on compromised Langflow servers, which subsequently retrieve and install the Flodrix malware. This activity involves the exploitation of CVE-2025-3248 (CVSS score: 9.8), a missing authentication vulnerability affecting Langflow, a Python-based visual framework for creating AI applications. Successful exploitation allows unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests. Langflow addressed this flaw with version 1.3.0, released in March 2025. Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted…