Security News > 2025 > February > Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
2025-02-20 04:29

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "


News URL

https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2025-24989 Unspecified vulnerability in Microsoft Power Pages
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified.
network
low complexity
microsoft
critical
9.8
2025-02-19 CVE-2025-21355 Missing Authentication for Critical Function vulnerability in Microsoft Bing
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network
network
low complexity
microsoft CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 381 52 1423 2925 176 4576