CVE-2025-53774
Published 2025-08-07
CVE-2025-53774: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Priority: P3 · 40 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.55% (41.7th percentile)
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_copilot_s_business_chat | — | — |
| msrc | microsoft_365_copilots_business_chat | — | — |
CVSS provenance
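| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vendor_msrc | — | 6.5 | MEDIUM | — |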
Microsoft
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
vendor_msrc·2025-08-12·CVSS 6.5
CVE-2025-53774 [MEDIUM] CWE-77 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?
This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.
Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.
Microsoft 365 Copilot's Business Chat: Microsoft 365 Copilot's Business Chat
Microsoft: Microsoft
Customer Action Required: No
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
GHSA
GHSA-hp6v-f522-x8gx: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
ghsa_unreviewed·2025-08-07
CVE-2025-53774 [MEDIUM] CWE-77 GHSA-hp6v-f522-x8gx: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-08-12·CVSS 7.8
[HIGH] Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.
In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 13 "critical" entries, 9 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including the Windows kernel, Microsoft Message Queuing (MSMQ), Windows Hyper-V, Microsoft Office and GDI+.
CVE-2025-50176 is an RCE vulnerability in DirectX Graphics Kernel given a CVSS 3.1 score of 7.8, where access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. Microsoft has noted t
Published: 2025-08-07