Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

2025-02-20 04:29

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "

News URL

https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html

#microsoft #vulnerability #CVE-2025-24989 #CVE-2025-21355

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-19	CVE-2025-24989	An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected cusomters have been notified. network low complexity CWE-284	8.2
2025-02-19	CVE-2025-21355	Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network network low complexity CWE-306	8.6

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		380	51	1407	2901	174	4533

News URL

Related news

Related Vulnerability

Related vendor