Microsoft 365 Copilot EchoLeak allowed zero-click data theft
Jun 2025
CVE-2025-32711 (EchoLeak) enabled attackers to steal sensitive corporate data from Microsoft 365 Copilot without any user interaction. Hidden prompts embedded in documents or emails were automatically executed when Copilot indexed them, exfiltrating confidential information via image requests.
Incident Details
Perpetrator: AI productivity assistant
Severity: Catastrophic
Blast Radius: Enterprise Microsoft 365 Copilot users exposed to zero-click data exfiltration via malicious documents and emails
Tech Stack
Microsoft 365 Copilot