Cyber Resilience

CVE-2025-64671

High

Published: 09 December 2025

Published
09 December 2025
Modified
12 December 2025
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-64671 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Github Copilot. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-64671 is a command injection vulnerability (CWE-77) in Copilot, caused by improper neutralization of special elements used in a command. This flaw enables an unauthorized attacker to execute code locally on affected systems. Published on 2025-12-09, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A local attacker can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Successful exploitation grants the attacker the ability to execute arbitrary code locally, resulting in high impacts to confidentiality, integrity, and availability.

The Microsoft Security Response Center has published an update guide with mitigation details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64671.

EU & UK References

Vulnerability details

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: copilot

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local command injection vulnerability (AV:L/PR:N) enables unauthorized attackers to achieve arbitrary code execution without privileges, directly facilitating Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21516Same product: Microsoft Github Copilot
CVE-2025-24049Same vendor: Microsoft
CVE-2025-55227Same vendor: Microsoft
CVE-2026-21231Same vendor: Microsoft
CVE-2026-32091Same vendor: Microsoft
CVE-2026-25174Same vendor: Microsoft
CVE-2026-42823Same vendor: Microsoft
CVE-2025-59247Same vendor: Microsoft
CVE-2025-49687Same vendor: Microsoft
CVE-2026-35428Same vendor: Microsoft

Affected Assets

microsoft
github copilot
≤ 1.5.60-243

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the command injection vulnerability in Copilot by applying vendor patches to prevent unauthorized local code execution.

prevent

Information input validation neutralizes special elements in commands processed by Copilot, directly mitigating the improper neutralization flaw.

preventdetect

Malicious code protection mechanisms detect and block arbitrary code execution resulting from command injection exploits in Copilot.

References