CVE-2025-24989 - Microsoft Power Pages Improper Access Control Vulnerability
Project:Microsoft
Product:Power Pages
Date Added:2025-02-21Due Date:2025-03-14
Vulnerability Name
Microsoft Power Pages Improper Access Control Vulnerability
Description
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989
https://nvd.nist.gov/vuln/detail/CVE-2025-24989