GHSA-xwv4-vj99-cxxj

CVE-2025-59252

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2025-59252

M365 Copilot Information Disclosure Vulnerability