CVE-2025-59272
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-12-11
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | 365_copilot_chat | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59272 is a vulnerability known as the Copilot Spoofing Vulnerability. It involves a security issue where an attacker could potentially spoof or impersonate the Copilot feature, leading to unauthorized actions or misleading outputs. The vulnerability has a CVSS v3.1 base score of 6.5, indicating a medium severity with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, and no impact on integrity or availability.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to spoof the Copilot feature, potentially causing unauthorized disclosure of confidential information since the confidentiality impact is high. However, it does not affect the integrity or availability of the system. An attacker could exploit this vulnerability remotely without privileges but requires user interaction.