Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
Posted: Sun Jul 13, 2025 2:17 pm
A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data.
The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a Local File Inclusion (LFI) attack vector that could potentially compromise confidential system information across multi-tenant environments.
https://gbhackers.com/microsoft-365-pdf ... le-to-lfi/
The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a Local File Inclusion (LFI) attack vector that could potentially compromise confidential system information across multi-tenant environments.
https://gbhackers.com/microsoft-365-pdf ... le-to-lfi/