Security News > 2025 > February > Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

2025-02-20 04:29
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "
News URL
https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-19 | CVE-2025-24989 | Unspecified vulnerability in Microsoft Power Pages An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. | 9.8 |
2025-02-19 | CVE-2025-21355 | Missing Authentication for Critical Function vulnerability in Microsoft Bing Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network | 9.8 |