Security News > 2025 > February > Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
2025-02-20 04:29

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "


News URL

https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2025-24989 Unspecified vulnerability in Microsoft Power Pages
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified.
network
low complexity
microsoft
critical
 9.8
9.8
2025-02-19 CVE-2025-21355 Missing Authentication for Critical Function vulnerability in Microsoft Bing
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network
network
low complexity
microsoft CWE-306
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 381 52 1423 2925 176 4576