CVE-2025-24989
Microsoft Power Pages Improper Access Control Vulnerability
CVSS
—
No CVSS
EPSS
1.7%
p74
KEV
YES
Feb 21, 2025
Exploit Today
72
0-100
Published: — · Last modified: —
Product
Microsoft / Power Pages
Vulnerability
Microsoft Power Pages Improper Access Control Vulnerability
Added to KEV
Feb 21, 2025
Remediate by
Mar 14, 2025
Known ransomware use
No
Summary description
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
Required action
Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24989
No related CVEs by CWE or product.