Summary: Microsoft has addressed a high-severity elevation of privilege vulnerability, CVE-2025-24989, in Power Pages that allowed unauthorized access and privilege elevation. The flaw has been mitigated, and affected customers have been informed with guidance for detecting potential compromises. Those not notified are likely unaffected by this vulnerability.
Affected: Microsoft Power Pages
Keypoints :
- The vulnerability allows hackers to bypass user registration controls and elevate privileges over a network.
- Microsoft has provided instructions for impacted clients to review their sites for potential exploitation.
- Administrators are advised to check activity logs and user registrations, and to enforce multi-factor authentication across accounts.