CVE-2025-24989

Published Feb 19, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24989 is an improper access control vulnerability in Microsoft Power Pages, a low-code platform used to create and manage business websites. Exploitation of this flaw allows unauthorized actors to escalate privileges over a network and bypass user registration controls, potentially granting them access they shouldn't have. Microsoft has addressed this vulnerability at the service level and notified affected customers. Those who haven't received a notification are not considered affected. Microsoft has provided instructions to affected customers on how to check their sites for signs of compromise and steps to take for remediation. This vulnerability has been actively exploited in the wild.

Description: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and cleanup methods. If you've not been notified, this vulnerability does not affect you.
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Microsoft Power Pages Improper Access Control Vulnerability
Exploit added on: Feb 21, 2025
Exploit action due: Mar 14, 2025
Required action: Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com: CWE-284
nvd@nist.gov: NVD-CWE-noinfo

Social media

Hype score: Not currently trending
  1. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    10 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    9 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    7 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    7 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    5 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    4 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    3 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    2 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    1 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    28 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    28 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    27 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    26 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    26 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    25 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. 🚨 ALERT - Critical cybersecurity vulnerabilities identified in some Microsoft products 🔓 CVE-2025-24989 is a vulnerability related to improper access management in Microsoft Power Pages, allowing an unauthenticated attacker to escalate http

    @DNSC_RO

    25 Feb 2025

    155 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-24989 #Microsoft Power Pages Improper Access Control Vulnerability https://t.co/CgG6AdekUK

    @ScyScan

    24 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    24 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. csirt_it: The Cyber Week of 23 February 2025 🔹updates for multiple products 🔹Xerox: vulnerabilities found in Versalink products 🔹XWiki: PoC for CVE-2025-24893 🔹Microsoft: active exploitation in the wild of CVE-2025-24989 ⚠️ #E… https://t.co/flACCIWbA4

    @Vulcanux_

    24 Feb 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    23 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. CVE-2025-24989 added to CISA KEV #CISAKEV #CVE-2025-24889 #MicrosoftPowerPages https://t.co/ojX1pxvoAG

    @pravin_karthik

    22 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Microsoft, CISA warning on the exploitation of a Power Pages elevation-of-privilege security flaw. (CVE-2025-24989) https://t.co/5ZsRyA9C0z #.System compromise #.Patch #.Elevation of Privileges #.Exploitation #.Flaw #CISA

    @NicolasCoolman

    22 Feb 2025

    12 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    22 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

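  24. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the improper access control in Microsoft Power Pages (CVE-2025-24989) to its Known Exploited Vulnerabilities Catalog. The remediation deadline is the usual 3/14. Exploitation by ransomware is unknown. https://t.co/alnrwg4KPN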

    @__kokumoto

    22 Feb 2025

    777 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2025-24989

    @transilienceai

    22 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. 🛡️ We added Microsoft Power Pages improper access control vulnerability CVE-2025-24989 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/Or0b3gd3Oc & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @ReportScamNow

    21 Feb 2025

    22 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Microsoft Patches Power Pages Zero-Day (CVE-2025-24989) & Recent PAN-OS Flaw (CVE-2025-0111) Joins CISA KEV https://t.co/hs4eZew8QQ #security #feedly

    @go_stripe

    21 Feb 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Microsoft has alerted users to a high-severity privilege escalation vulnerability in Power Pages, identified as CVE-2025-24989. This no-code website-building platform flaw has been actively exploited as a zero-day attack. https://t.co/JA12kBty3r #Vunerability #Microsoft

    @CandidTodayTech

    21 Feb 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Critical vulnerability in Microsoft Power Pages (CVE-2025-24989): elevation of privilege reported and actively exploited. Critical security alerts for highly technical Security Analysts, not to be missed! #Cybersécurité #CVE #AlerteSécurité 👉 https://t.co/YaVLPV6w94

    @CyberAlertFr

    21 Feb 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. ⚠️ Vulnerability Alert: Power Pages Elevation of Privilege Vulnerability 📅 Timeline: Disclosure: 2025-02-20 Patch: 2025-02-20 📌 Attribution: Microsoft 🆔 cveId: CVE-2025-24989 📊 baseScore: 8.2 📏 cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N cvssSeverity:… ht

    @syedaquib77

    21 Feb 2025

    21 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 CVE-2025-24989 🔴 HIGH (8.2) 🏢 Microsoft - Microsoft Power Pages 🏗️ N/A 🔗 https://t.co/KpWbr3q8gv #CyberCron #VulnAlert https://t.co/hZw5jzG2I9

    @cybercronai

    21 Feb 2025

    171 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  32. Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks, tracked as CVE-2025-24989, is an improper access control problem. https://t.co/5WFJfyiXDq https://t.co/SsbpWk8n97

    @riskigy

    20 Feb 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. csirt_it: ‼️ #Microsoft: active exploitation in the wild detected for vulnerability CVE-2025-24989 – already fixed by the vendor – affecting the #PowerPages product Risk: 🔴 🔸 Elevation of Privilege 🔗 https://t.co/n3C2JUxk5y ⚠ Important to keep the … https://t.co/eRov0hkFkZ

    @Vulcanux_

    20 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks. https://t.co/eLHqu8mqfk

    @EduardKovacs

    20 Feb 2025

    657 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  35. 🚨CVE Alert: Microsoft Power Pages Elevation of Privilege Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-24989 (CVSS 8.2/10) Microsoft Power Pages Elevation of Privilege Vulnerability Impact: A Successful exploit may allow an attacker could potentially… h

    @CyberxtronTech

    20 Feb 2025

    68 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. ⚠️ Vulnerability Alert: Power Pages Privilege Escalation Vulnerability 📅 Timeline: Disclosure: 2025-02-04, Patch: 2025-02-20 📌 Attribution: Raj Kumar (Microsoft Employee) 🆔cveId: CVE-2025-24989 📊baseScore: 8.2 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H… https://t.c

    @syedaquib77

    20 Feb 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. #securityupdate #microsoft #定例外 2025. 2.19 Microsoft Power Pages Elevation of Privilege Vulnerability CVE-2025-24989 Security Vulnerability Release date: February 19, 2025 - Microsoft https://t.co/GGGxTnw0am

    @kawn2020

    20 Feb 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  38. 🚨 Microsoft has issued high-severity security updates for Bing (CVE-2025-21355) and Power Pages (CVE-2025-24989), addressing two serious flaws. One of these vulnerabilities is already being exploited in the wild. Read more: https://t.co/QDr5WQQLPr

    @TheHackersNews

    20 Feb 2025

    12323 Impressions

    60 Retweets

    105 Likes

    16 Bookmarks

    1 Reply

    2 Quotes

Configurations