CVE-2025-65037 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-65037 PUBLISHED CVSS 10 CRITICAL

Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.

EPSS 0.07% · 21.9th percentile

Risk Scores

CVSS v3.1

10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.07%

21.9th percentile

Affected Products

Vendor	Product	Versions
microsoft	azure_container_apps	-
Microsoft	Azure Container Apps	-

Timeline

Dec 9, 2025 CVE Published
Dec 18, 2025 CVE Updated
Dec 18, 2025 PoC Published
Dec 19, 2025 EPSS Score
Dec 19, 2025 PoC Published
Dec 19, 2025 PoC Published
Dec 19, 2025 PoC Published
Dec 19, 2025 PoC Published
Dec 19, 2025 PoC Published
Dec 22, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 29, 2025 EPSS Score

References

Azure Container Apps Remote Code Execution Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-65037 advisory

Open in Interactive Console →