PT-2025-7551 · Microsoft · Power Pages

Raj Kumar · Published 2025-02-19 · Updated 2025-03-14 · CVE-2025-24989

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Power Pages (affected versions not specified)

Description

The issue is related to improper access control in Microsoft Power Pages, allowing an unauthorized attacker to elevate privileges over a network, potentially bypassing user registration control. This vulnerability has already been mitigated in the service, and all affected customers have been notified. The update addressed the registration control bypass, and affected customers have been given instructions on reviewing their sites for potential exploitation and cleanup methods.

Recommendations

As a temporary workaround, consider restricting access to sensitive resources and applying the principle of least privilege until a patch is available. Review sites for potential exploitation and cleanup methods as instructed by Microsoft. Check logs for potential compromises, including suspicious registrations and changes in privileges.

Fix

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-01958
CVE-2025-24989

Affected Products

Power Pages