A newly discovered assault method termed EchoLeak has been defined as a “zero-click” AI weakness that enables malicious individuals to extract confidential information from Microsoft 365 Copilot’s context without any user engagement.
The high-severity vulnerability has been allocated the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It necessitates no action from the user and has already been