Stack-based Buffer Overflow in Azure Application Gateway by Microsoft
CVE-2025-64657

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure App Gateway
Vendor: CVE Published:; 26 November 2025

Badges

📰 News Worthy

What is CVE-2025-64657?

A stack-based buffer overflow vulnerability exists in Azure Application Gateway, allowing unauthorized users to execute arbitrary code and potentially elevate their privileges over a network. This flaw could result in unauthorized data access and manipulation. Administrators are advised to implement the latest patches and monitor their systems for any unusual activity to mitigate the risks associated with this vulnerability.

Affected Version(s)

Azure App Gateway Unknown

News Articles

Crowe

CVE-2025-64657 CVE-2025-41115

November 2025 Cybersecurity Threat Advisory | Crowe UAE

Stay ahead of cyber threats with in-depth analysis of critical vulnerabilities, major attacks, and expert recommendations from the November 17–23, 2025 Threat Advisory. Learn about CVEs, brute-force surges, and proactive defense for your organization.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by Crowe
Nov 26, 2025
Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Nov 6, 2025

JSON