CVE-2025-24989
Microsoft Power Pages Elevation of Privilege Vulnerability
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.
| Vendor | microsoft |
| Product | microsoft power pages |
| Ecosystems | |
| Industries | TechnologyEnterprise |
| Published | Feb 19, 2025 |
| Last Updated | Feb 13, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for microsoft microsoft power pages
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-24989.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Microsoft / Microsoft Power Pages
-