THREAT OPS › CVEs › CVE-2025-24989
CVE-2025-24989 — Microsoft Power Pages Improper Access Control Vulnerability
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
Vulnerability details
- Affected productsPower Pages
- KEV remediation due2025-03-14