THREATOPS
THREAT OPSCVEs › CVE-2025-24989

CVE-2025-24989 — Microsoft Power Pages Improper Access Control Vulnerability

CISA KEVExploited: confirmedMicrosoft

Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.

Vulnerability details