Microsoft 365 Copilot enterprise customers

2025-07-04

A vulnerability in Microsoft 365 Copilot reportedly allowed users to access and summarize files without generating audit log entries, allegedly undermining traceability and compliance. Security researcher Zack Korman disclosed the issue to Microsoft, which reportedly classified it as "important" and fixed it on August 17, 2025, but reportedly chose not to notify customers or assign a CVE.