Code Injection Vulnerability in Azure Container Apps by Microsoft
CVE-2025-65037

10CRITICAL

Key Information:

Vendor

Microsoft
Status
Azure Container Apps
Vendor
CVE Published:
18 December 2025

What is CVE-2025-65037?

A security flaw in Azure Container Apps enables unauthorized attackers to execute arbitrary code remotely through insufficient control over code generation. This vulnerability poses significant risks, as it allows malicious actors to manipulate network interactions and potentially gain unauthorized access to sensitive resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Azure Container Apps -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisorypatch

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.