AI description
CVE-2025-24989 is an improper access control vulnerability in Microsoft Power Pages, a low-code platform used to create and manage business websites. Exploitation of this flaw allows an unauthorized attacker to elevate privileges over a network and bypass the user registration control, potentially gaining access they should not have. Microsoft has addressed this vulnerability at the service level and notified affected customers. Customers who have not received a notification are not considered affected. Microsoft has given affected customers instructions on how to review their sites for signs of exploitation and how to clean up. This vulnerability has been actively exploited in the wild.
- Description
- An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Power Pages Improper Access Control Vulnerability
- Exploit added on
- Feb 21, 2025
- Exploit action due
- Mar 14, 2025
- Required action
- Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-284
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
🛡️ We added Microsoft Power Pages improper access control vulnerability CVE-2025-24989 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/Or0b3gd3Oc & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@ReportScamNow
21 Feb 2025
Microsoft Patches Power Pages Zero-Day (CVE-2025-24989) & Recent PAN-OS Flaw (CVE-2025-0111) Joins CISA KEV https://t.co/hs4eZew8QQ #security #feedly
@go_stripe
21 Feb 2025
Microsoft has alerted users to a high-severity privilege escalation vulnerability in Power Pages, identified as CVE-2025-24989. This no-code website-building platform flaw has been actively exploited as a zero-day attack. https://t.co/JA12kBty3r #Vunerability #Microsoft
@CandidTodayTech
21 Feb 2025
Critical vulnerability in Microsoft Power Pages (CVE-2025-24989): privilege escalation reported and actively exploited. Critical security alerts for highly technical security analysts, not to be missed! #Cybersécurité #CVE #AlerteSécurité 👉 https://t.co/YaVLPV6w94
@CyberAlertFr
21 Feb 2025
⚠️ Vulnerability Alert: Power Pages Elevation of Privilege Vulnerability 📅 Timeline: Disclosure: 2025-02-20 Patch: 2025-02-20 📌 Attribution: Microsoft 🆔 cveId: CVE-2025-24989 📊 baseScore: 8.2 📏 cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N cvssSeverity:… ht
@syedaquib77
21 Feb 2025
🚨 CVE-2025-24989 🔴 HIGH (8.2) 🏢 Microsoft - Microsoft Power Pages 🏗️ N/A 🔗 https://t.co/KpWbr3q8gv #CyberCron #VulnAlert https://t.co/hZw5jzG2I9
@cybercronai
21 Feb 2025
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks, tracked as CVE-2025-24989, is an improper access control problem. https://t.co/5WFJfyiXDq https://t.co/SsbpWk8n97
@riskigy
20 Feb 2025
csirt_it: ‼️ #Microsoft: active exploitation in the wild detected for vulnerability CVE-2025-24989 – already fixed by the vendor – affecting the #PowerPages product Risk: 🔴 🔸 Elevation of Privilege 🔗 https://t.co/n3C2JUxk5y ⚠ Important to keep the … https://t.co/eRov0hkFkZ
@Vulcanux_
20 Feb 2025
Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks. https://t.co/eLHqu8mqfk
@EduardKovacs
20 Feb 2025
🚨CVE Alert: Microsoft Power Pages Elevation of Privilege Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-24989 (CVSS 8.2/10) Microsoft Power Pages Elevation of Privilege Vulnerability Impact: A Successful exploit may allow an attacker could potentially… h
@CyberxtronTech
20 Feb 2025
⚠️ Vulnerability Alert: Power Pages Privilege Escalation Vulnerability 📅 Timeline: Disclosure: 2025-02-04, Patch: 2025-02-20 📌 Attribution: Raj Kumar (Microsoft Employee) 🆔cveId: CVE-2025-24989 📊baseScore: 8.2 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H… https://t.c
@syedaquib77
20 Feb 2025
#securityupdate #microsoft #定例外 2025. 2.19 Microsoft Power Pages Elevation of Privilege Vulnerability CVE-2025-24989 Security Vulnerability Release date: February 19, 2025 - Microsoft https://t.co/GGGxTnw0am
@kawn2020
20 Feb 2025
🚨 Microsoft has issued high-severity security updates for Bing (CVE-2025-21355) and Power Pages (CVE-2025-24989), addressing two serious flaws. One of these vulnerabilities is already being exploited in the wild. Read more: https://t.co/QDr5WQQLPr
@TheHackersNews
20 Feb 2025