CVE-2025-64657 — Vulnetix

CVE-2025-64657 PUBLISHED CVSS 9.800000190734863 CRITICAL

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.

EPSS 0.13% · 31.5th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.13%

31.5th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Azure App Gateway	-
microsoft	azure_application_gateway
microsoft	azure_app_gateway	-

Timeline

Nov 11, 2025 CVE Published
Nov 20, 2025 PoC Published
Nov 21, 2025 PoC Published
Nov 26, 2025 EPSS Score
Nov 26, 2025 PoC Published
Nov 26, 2025 PoC Published
Nov 26, 2025 PoC Published
Nov 26, 2025 CVE Updated
Dec 1, 2025 EPSS Score
Dec 5, 2025 EPSS Score
Dec 10, 2025 EPSS Score
Dec 14, 2025 EPSS Score

References

Azure Application Gateway Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-64657 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›