Microsoft Azure Application Gateway — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Application Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-64657 — CVSS 9.8 (critical): Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-64656 — CVSS 9.4 (critical): Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.