CVE-2025-64656 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-64656 PUBLISHED CVSS 9.399999618530273 CRITICAL

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

EPSS 0.11% · 29.6th percentile

Risk Scores

CVSS v3.1

9.399999618530273

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C

EPSS Score

0.11%

29.6th percentile

Affected Products

Vendor	Product	Versions
microsoft	azure_application_gateway
microsoft	azure_app_gateway	-
Microsoft	Azure App Gateway	-

Timeline

Nov 11, 2025 CVE Published
Nov 20, 2025 PoC Published
Nov 21, 2025 PoC Published
Nov 26, 2025 EPSS Score
Nov 30, 2025 EPSS Score
Dec 4, 2025 EPSS Score
Dec 8, 2025 EPSS Score
Dec 8, 2025 CVE Updated
Dec 12, 2025 EPSS Score
Dec 17, 2025 EPSS Score
Dec 21, 2025 EPSS Score
Dec 25, 2025 EPSS Score

References

Azure Application Gateway Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-64656 advisory

Open in Interactive Console →