Vulnerabilities > CVE-2025-24989 - Unspecified vulnerability in Microsoft Power Pages

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microsoft

critical

NVD

Published: 2025-02-19

Updated: 2025-02-24

Summary

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Power Pages -	1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989

Summary

Vulnerable Configurations

Related news

References