CVE-2025-64657 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-64657 PUBLISHED CVSS 9.800000190734863 CRITICAL

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.

EPSS 0.11% · 29.6th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.11%

29.6th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Azure App Gateway	-
microsoft	azure_application_gateway
microsoft	azure_app_gateway	-

Timeline

Nov 11, 2025 CVE Published
Nov 20, 2025 PoC Published
Nov 21, 2025 PoC Published
Nov 26, 2025 EPSS Score
Nov 26, 2025 PoC Published
Nov 26, 2025 PoC Published
Nov 26, 2025 PoC Published
Nov 30, 2025 EPSS Score
Dec 4, 2025 EPSS Score
Dec 8, 2025 EPSS Score
Dec 12, 2025 EPSS Score
Dec 17, 2025 EPSS Score

References

Azure Application Gateway Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-64657 advisory

Open in Interactive Console →