Impact
The flaw in Microsoft 365 Copilot is a command injection weakness (CWE-77) caused by improper neutralization of special elements used in a command. An attacker who can send a specially crafted request to the Copilot service can cause the backend to execute unintended commands, which can in turn read or transmit data that the service normally handles. The result is the disclosure of information that may include proprietary or sensitive data processed by the Copilot service.
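To make the weakness class concrete, here is an added Python illustration of the CWE-77 pattern the advisory names: a request value spliced into a shell command string, beside the hardened form that passes the value as a single argv element and an allowlist check that rejects the request before anything runs. This is example code written for this page, not Microsoft's code, and it assumes nothing about how Copilot actually constructs commands; the `render-report` program, its `--name` parameter, the sample report names and the tiny Python one-liner standing in for the real renderer are all placeholders.

```python
"""CWE-77 (improper neutralization of special elements in a command):
vulnerable string-built command vs. hardened argv form plus input allowlist.
Added example for this advisory; hypothetical renderer and parameter names,
no relation to Microsoft 365 Copilot's real implementation."""
import re
import shlex
import subprocess
import sys

# Characters a POSIX shell interprets rather than passing through literally.
# Useful for detection/logging of suspicious request values; the allowlist
# below is what actually gates execution.
SHELL_METACHARACTERS = set(';&|`$<>(){}\n\\"\'*?~#')

# Allowlist for the hypothetical report name: alphanumerics, dot, dash,
# underscore, at most 64 characters. Constructed for this example.
SAFE_REPORT_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def build_command_unsafe(report_name: str) -> str:
    """Vulnerable pattern: the untrusted value is interpolated into a string
    that a shell will later parse, so any metacharacter in it becomes command
    syntax instead of data. (Returned, not executed, for illustration.)"""
    return f"render-report --name {report_name}"


def build_command_safe(report_name: str) -> list[str]:
    """Hardened pattern: the value is one element of an argv list. With
    shell=False no shell ever parses it, so metacharacters stay literal."""
    return ["render-report", "--name", report_name]


def shell_tokens(command: str) -> list[str]:
    """Tokenize a string command the way a POSIX shell would, so the extra
    words (and separators such as ';') an injected value produces are visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def contains_shell_metacharacters(value: str) -> bool:
    """Detection helper: True if the value carries any shell-special character."""
    return any(ch in SHELL_METACHARACTERS for ch in value)


def run_with_argv(report_name: str) -> str:
    """Execute via argv with shell=False. A Python one-liner stands in for the
    renderer so this runs anywhere Python does; it prints the single argument
    it received, proving the value arrived verbatim even with metacharacters."""
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", report_name]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


def handle_request(report_name: str) -> dict:
    """Request handler combining both defenses: allowlist the value first,
    then run only through the argv path. Rejections are returned (and would
    be logged) rather than passed anywhere near a command."""
    if not SAFE_REPORT_NAME.fullmatch(report_name):
        return {"accepted": False, "reason": "report name outside allowlist"}
    return {"accepted": True, "output": run_with_argv(report_name)}


if __name__ == "__main__":
    # Constructed sample request value carrying a command separator.
    injected = "q3; id"
    print("string-built:", shell_tokens(build_command_unsafe(injected)))
    print("argv-built:  ", build_command_safe(injected))
    print("metachars?   ", contains_shell_metacharacters(injected))
    print("argv passes literally:", run_with_argv(injected))
    print("handler:", handle_request(injected), handle_request("q3-summary"))
```

The tokenization shows the difference without running anything: the string-built command splits into five shell words including a `;` separator and a second command, while the argv form keeps `q3; id` as one literal argument. The allowlist is the primary control because it rejects the request regardless of how the downstream program is invoked; the argv form is the second layer for values that must legitimately contain unusual characters.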
Affected Systems
Any deployment of Microsoft 365 Copilot that includes the vulnerable command-handling code is affected. Microsoft 365 Enterprise customers using Copilot should treat all versions as vulnerable until they apply the official patch, as the CNA has not provided specific version ranges.
Risk and Exploitability
The CVSS score of 5.3 indicates medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, meaning no confirmed in-the-wild exploitation has been recorded there. The likely attack vector is network-based: an adversary gains access to the Copilot endpoint, possibly via a compromised user session or a misconfigured network perimeter. Once the command injection is triggered, the attacker can exfiltrate information, impacting confidentiality on the affected deployment. Given the medium score but low EPSS, the risk remains moderate; organizations should nevertheless treat the issue as a potential threat until a patch is applied.
OpenCVE Enrichment