Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.
The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls.
Microsoft says it has addressed the risk at the service level and notified impacted customers accordingly, enclosing instructions on how to detect potential compromise.
"This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass," reads Microsoft's security bulletin.
"Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you."
Microsoft Power Pages is a low-code, SaaS-based web development platform that allows users to create, host, and manage secure external-facing business websites.
It is part of the Microsoft Power Platform, which includes tools like Power BI, Power Apps, and Power Automate.
Since Power Pages is a cloud-based service, it can be assumed that exploitation occurred remotely.
The software giant has not provided details about how the flaw was exploited in attacks.
In addition to the Power Pages flaw, Microsoft also fixed a Bing remote code execution vulnerability yesterday, which is tracked as CVE-2025-21355 but has not been marked as exploited.
Problem fixed, but checks required
Microsoft has already applied fixes to the Power Pages service and has privately shared guidance with impacted customers. Still, there is some general security advice that Power Pages admins may want to follow.
Admins should review activity logs for suspicious actions, unexpected user registrations, or unauthorized changes.
Since CVE-2025-24989 is an elevation of privilege bug, user lists should also be scrutinized to verify administrators and high-privileged users.
Recent changes in privileges, security roles, permissions, and web page access controls should be examined further.
Rogue accounts or those showing unauthorized activity should be immediately revoked, affected credentials should be reset, and multi-factor authentication (MFA) should be enforced across all accounts.
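As an added example that is not Microsoft's guidance and not part of any Power Pages tooling, the script below applies the review steps above to a constructed, simplified audit export. The column layout, the operation names (UserRegistered, WebRoleAssigned, TablePermissionChanged, PageAccessRuleChanged), the admin roster, the privileged-role set and the review cutoff date are all assumptions a reviewer would replace with their own site's data; only the built-in "Administrators" web role name is taken from Power Pages itself. It flags self-registrations, privileged role grants made by non-admins or to freshly registered accounts, and permission or page-access changes by unknown actors, and returns the set of accounts to revoke.

```python
"""Post-mitigation triage of a Power Pages site's audit trail (added example)."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample log. This is NOT a real Microsoft export format; it is a
# hypothetical flat view of the events an admin would pull from the site's
# activity/audit logs: when, who acted, what they did, what was affected, detail.
SAMPLE_LOG = """\
timestamp,actor,operation,target,detail
2025-02-10T09:12:00Z,alice@contoso.com,WebRoleAssigned,bob@contoso.com,Authenticated Users
2025-02-18T02:41:10Z,mallory@example.net,UserRegistered,mallory@example.net,self-service signup
2025-02-18T02:42:05Z,mallory@example.net,WebRoleAssigned,mallory@example.net,Administrators
2025-02-18T02:45:30Z,mallory@example.net,TablePermissionChanged,contact,Global scope read/write
2025-02-18T03:01:00Z,mallory@example.net,PageAccessRuleChanged,/admin,granted to Anonymous Users
2025-02-19T14:00:00Z,alice@contoso.com,UserRegistered,carol@contoso.com,invited by admin
2025-02-19T14:05:00Z,alice@contoso.com,WebRoleAssigned,carol@contoso.com,Authenticated Users
"""

# Assumptions the reviewer supplies: the vetted admin roster, which web roles
# count as privileged, and the last date the site was known to be clean.
KNOWN_ADMINS = {"alice@contoso.com"}
PRIVILEGED_ROLES = {"Administrators"}
REVIEW_CUTOFF = datetime(2025, 2, 15, tzinfo=timezone.utc)

# Hypothetical operation names for configuration changes worth a second look.
CONFIG_OPS = {"TablePermissionChanged", "PageAccessRuleChanged"}


def parse_log(text):
    """Parse the CSV into dicts with a timezone-aware datetime timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        rows.append(row)
    return rows


def triage(rows, cutoff=REVIEW_CUTOFF, known_admins=KNOWN_ADMINS,
           privileged_roles=PRIVILEGED_ROLES):
    """Return (findings, accounts_to_revoke) for events at or after the cutoff."""
    findings = []
    new_accounts = set()  # accounts registered inside the review window
    for r in sorted(rows, key=lambda r: r["timestamp"]):
        if r["timestamp"] < cutoff:
            continue  # before the window: assumed already reviewed
        actor, op, target, detail = r["actor"], r["operation"], r["target"], r["detail"]
        trusted = actor in known_admins
        if op == "UserRegistered":
            new_accounts.add(target)
            # A self-registration is what a registration-control bypass would
            # produce; an admin-driven invite is routine.
            sev = "info" if trusted else "high"
            findings.append({"severity": sev, "account": target,
                             "summary": f"{target} registered ({detail}) by {actor}"})
        elif op == "WebRoleAssigned":
            if detail in privileged_roles:
                # A privileged role granted by a non-admin, to oneself, or to a
                # just-registered account is the elevation-of-privilege signature.
                suspicious = (not trusted) or actor == target or target in new_accounts
                sev = "critical" if suspicious else "medium"
            else:
                sev = "info" if trusted else "high"
            findings.append({"severity": sev, "account": target,
                             "summary": f"{target} given web role '{detail}' by {actor}"})
        elif op in CONFIG_OPS:
            sev = "medium" if trusted else "critical"
            findings.append({"severity": sev, "account": actor,
                             "summary": f"{op} on {target} ({detail}) by {actor}"})
    revoke = {f["account"] for f in findings
              if f["severity"] in ("critical", "high") and f["account"] not in known_admins}
    return findings, revoke


if __name__ == "__main__":
    found, revoke = triage(parse_log(SAMPLE_LOG))
    for f in found:
        print(f"[{f['severity']:8}] {f['summary']}")
    print("Revoke and reset credentials for:", ", ".join(sorted(revoke)) or "nothing")
```

On the sample data the script rates the self-registration as high, the self-assigned Administrators role and the two configuration changes by that account as critical, and the admin-driven invite and role grant as informational, so only the self-registered account ends up on the revoke list. The severity rules are deliberately simple; the point is that registrations, privileged role grants and permission changes are correlated by account and time rather than reviewed in isolation.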
If you weren't notified by Microsoft, your system was likely not affected.