CVE-2025-65037: CWE-94: Improper Control of Generation of Code ('Code Injection') in Microsoft Azure Container Apps
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-65037) in Microsoft Azure Container Apps is due to improper control of code generation, enabling remote code execution by an unauthenticated attacker. The CVSS 3.1 base score is 10.0, reflecting network attack vector, no required privileges or user interaction, and complete compromise of confidentiality, integrity, and availability. The vulnerability is categorized under CWE-94 (Code Injection). Although no specific affected versions are listed, the vendor has released a patch to address the issue. No exploits are currently known in the wild.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary code remotely on the affected Azure Container Apps environment, leading to full system compromise including complete loss of confidentiality, integrity, and availability. This could result in unauthorized data access, modification, or service disruption.
Mitigation Recommendations
A patch is available from Microsoft to remediate this vulnerability. It is recommended to apply the official fix promptly to prevent exploitation. Since Azure Container Apps is not a cloud service in this context, customers must apply the patch themselves. There are no known exploits in the wild, but timely patching is critical due to the high severity.
CVE-2025-65037: CWE-94: Improper Control of Generation of Code ('Code Injection') in Microsoft Azure Container Apps
Description
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-65037) in Microsoft Azure Container Apps is due to improper control of code generation, enabling remote code execution by an unauthenticated attacker. The CVSS 3.1 base score is 10.0, reflecting network attack vector, no required privileges or user interaction, and complete compromise of confidentiality, integrity, and availability. The vulnerability is categorized under CWE-94 (Code Injection). Although no specific affected versions are listed, the vendor has released a patch to address the issue. No exploits are currently known in the wild.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary code remotely on the affected Azure Container Apps environment, leading to full system compromise including complete loss of confidentiality, integrity, and availability. This could result in unauthorized data access, modification, or service disruption.
Mitigation Recommendations
A patch is available from Microsoft to remediate this vulnerability. It is recommended to apply the official fix promptly to prevent exploitation. Since Azure Container Apps is not a cloud service in this context, customers must apply the patch themselves. There are no known exploits in the wild, but timely patching is critical due to the high severity.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- microsoft
- Date Reserved
- 2025-11-13T16:18:07.466Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69447c134eb3efac36aec213
Added to database: 12/18/2025, 10:11:31 PM
Last enriched: 4/17/2026, 11:18:51 AM
Last updated: 5/10/2026, 2:10:39 AM
Views: 369
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.