CVE-2025-24989 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-02-19

Added to CISA KEV: 2025-02-21 2 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Review Power Pages applications for signs of unauthorized user registrations or privilege escalations
Follow Microsoft's cleanup instructions if you received notification of being affected
Monitor Power Pages access logs for suspicious activity or unauthorized access attempts
Verify user access controls and permissions are properly configured
Patch priority: IMMEDIATE - vulnerability is cloud-based and already patched by Microsoft, but affected customers should follow remediation guidance

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24989 is an improper access control vulnerability affecting Microsoft Power Pages that was identified and addressed in February 2025 ^[1] ^[2].

Below is a summary of the known details regarding this vulnerability:

Active Exploitation and Threat Actor Usage

Status: The vulnerability was confirmed to have been exploited in the wild prior to its disclosure and mitigation ^[2] ^[4].
Threat Actors: Specific details regarding the threat actors or specific ransomware campaigns utilizing this vulnerability have not been publicly attributed in major security reports.

Attack Method and Requirements

Method: The flaw is an improper access control issue that allows an unauthorized attacker to elevate privileges over a network and bypass user registration controls ^[1] ^[3].
Requirements: It is a network-based attack that does not require local access. Public reports do not indicate that user interaction is a necessary component for successful exploitation.

Impact

Access/Impact: Successful exploitation allows an attacker to bypass user registration controls and elevate their privileges within the context of the affected Power Pages site ^[1] ^[2].

Exploit Availability

There are no widely publicized, public proof-of-concept (PoC) exploit tools or scripts available in common security repositories for this vulnerability.

Affected Products and Mitigation Status

Affected Product: Microsoft Power Pages.
Status: The vulnerability has been mitigated at the service level by Microsoft?changeRecordedOn=02/21/2025T13:15:36.903-0500?kagi_q=CVE-2025-24989 ^[2].
Remediation: Microsoft notified impacted customers directly and provided instructions on how to review their sites for potential unauthorized activity and perform necessary cleanup?changeRecordedOn=02/21/2025T13:15:36.903-0500?kagi_q=CVE-2025-24989 ^[3]. Users of Power Pages are advised to follow the guidance provided by Microsoft in their security notifications.

Sources

CVE-2025-24989 Detail - NVD
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user ... Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on…
Microsoft fixes Power Pages zero-day bug exploited in attacks
The vulnerability, tracked as CVE-2025-24989, is an improper access control problem that allows unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft has addressed the risk at the service level and notified impacted customers, but users shoul…
CVE-2025-24989 - GitHub Advisory Database
A high severity vulnerability in Power Pages allows an unauthorized attacker to bypass user registration control. The vulnerability has been mitigated and affected customers have been notified and instructed to review their sites.
Microsoft Power Pages vulnerability exploited in the wild
The vulnerability, listed as CVE-2025-24989, is an improper access control flaw that allows privilege escalation in Microsoft Power Pages.

🔴 CVE-2025-24989