CVE-2025-24989

High KEV CVSS: 8.2

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

Vendor

Microsoft

Product

Power Pages

CWE

CWE-284

Yayın Tarihi

2025-02-19 23:15:15

Güncelleme

2025-10-27 17:14:03

Source Identifier

secure@microsoft.com

KEV Date Added

2025-02-21

Kategoriler

CWE-284 Power Pages HIGH Microsoft 2025

Referanslar

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24989

Benzer Kayıtlar

Critical

CVE-2026-33107

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a netw…

Critical

CVE-2026-33105

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over…

Critical

CVE-2026-32213

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Critical

CVE-2026-32211

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information…

High

CVE-2026-32173

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

Critical

CVE-2026-26135

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to ele…