CVE-2025-24989
Microsoft Power Pages Improper Access Control Vulnerability
CVSS
—
Sin CVSS
EPSS
1.7%
p74
KEV
SÍ
21 feb 2025
Exploit Today
72
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Power Pages
Vulnerabilidad
Microsoft Power Pages Improper Access Control Vulnerability
Añadido a KEV
21 feb 2025
Remediar antes de
14 mar 2025
Uso conocido en ransomware
No
Descripción resumida
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
Acción requerida
Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24989
Sin CVEs relacionados por CWE o producto.