Microsoft fixes vulnerability in Power Pages exploited by cybercriminals

📟 News

Date: 21/02/2025

Microsoft has patched a high-severity privilege escalation vulnerability in Power Pages that attackers were exploiting as a zero-day.

The vulnerability, tracked as CVE-2025-24989 (CVSS score 8.2), is an improper access control flaw in Power Pages that allows an unauthorized attacker to elevate privileges over the network, potentially bypassing the site's user registration control.

Microsoft has already fixed the vulnerability on the service side, and all affected customers have been notified.

“Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you’ve not been notified this vulnerability does not affect you,” – Microsoft.

Among other things, administrators are advised to review logs for suspicious activity, unexpected user registrations, and unauthorized changes. Since CVE-2025-24989 is a privilege escalation vulnerability, site user lists should be reviewed carefully, with special attention paid to administrators and other high-privileged accounts, and any account that should not hold such a role removed.
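A triage script for that review, added here as an example (it is not Microsoft's code and is not part of the original article). It assumes an administrator has exported the site's contacts and their web-role assignments from Dataverse as CSV with the column names shown below; the rows are constructed sample data, and "Administrators" is the default Power Pages administrative web role. It lists every holder of a privileged role, flags grants made inside a review window, and flags registrations inside the window that have no invitation code, which on an invitation-only site is exactly what a bypass of the registration control would look like.

```python
"""Triage a Power Pages contact/web-role export for suspicious privilege grants."""
import csv
import io
from datetime import datetime, timezone

# Web roles treated as privileged. "Administrators" is the default Power Pages
# admin role; add any custom roles your site treats as sensitive.
PRIVILEGED_ROLES = {"Administrators"}

# Constructed sample exports (not real data). The column names are an
# assumption about how the contact table and the contact-to-web-role
# relationship are exported from Dataverse; adjust them to a real export.
CONTACTS_CSV = """contactid,emailaddress1,createdon,invitation_code
c-001,alice@example.com,2024-11-03T09:15:00Z,INV-7781
c-002,bob@example.com,2025-02-11T22:40:12Z,
c-003,carol@example.com,2025-02-12T03:02:45Z,
c-004,dave@example.com,2025-01-20T14:00:00Z,INV-8102
"""

ROLES_CSV = """contactid,webrole,assigned_on
c-001,Authenticated Users,2024-11-03T09:15:00Z
c-002,Authenticated Users,2025-02-11T22:40:12Z
c-002,Administrators,2025-02-11T22:41:30Z
c-003,Authenticated Users,2025-02-12T03:02:45Z
c-004,Administrators,2025-01-20T14:05:00Z
"""


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the exports."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_csv(text):
    return list(csv.DictReader(io.StringIO(text)))


def triage(contacts, roles, window_start, invitation_only=True):
    """Return findings about privileged roles and registrations worth reviewing.

    window_start: earliest time the site is assumed to have been exposed.
    invitation_only: True if the site only allows registration by invitation,
    so a contact created without an invitation code is suspect on its own.
    """
    by_id = {c["contactid"]: c for c in contacts}
    findings = []

    def add(contactid, severity, reason):
        email = by_id.get(contactid, {}).get("emailaddress1", "<unknown contact>")
        findings.append({"contactid": contactid, "email": email,
                         "severity": severity, "reason": reason})

    # 1. Every holder of a privileged web role is listed; grants made inside
    #    the review window are the most likely to be attacker-created.
    for r in roles:
        if r["webrole"] not in PRIVILEGED_ROLES:
            continue
        if parse_ts(r["assigned_on"]) >= window_start:
            add(r["contactid"], "high",
                f"{r['webrole']} assigned on {r['assigned_on']} (inside review window)")
        else:
            add(r["contactid"], "info",
                f"holds {r['webrole']} since {r['assigned_on']}; confirm still expected")

    # 2. Registrations inside the window: high if the site is invitation-only
    #    and no invitation code is recorded, otherwise flagged for review.
    for c in contacts:
        if parse_ts(c["createdon"]) < window_start:
            continue
        if invitation_only and not c["invitation_code"]:
            add(c["contactid"], "high",
                f"registered on {c['createdon']} without an invitation code")
        else:
            add(c["contactid"], "medium",
                f"registered on {c['createdon']} inside review window")

    order = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: (order[f["severity"]], f["contactid"]))
    return findings


def high_risk_contacts(findings):
    """Distinct contact IDs with at least one high-severity finding."""
    return sorted({f["contactid"] for f in findings if f["severity"] == "high"})


def run_sample(window_start="2025-02-01T00:00:00Z"):
    """Run the triage over the constructed sample exports."""
    return triage(load_csv(CONTACTS_CSV), load_csv(ROLES_CSV), parse_ts(window_start))


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f['severity']:6}] {f['contactid']} {f['email']}: {f['reason']}")
    print("high-risk contacts:", high_risk_contacts(run_sample()))
```

On a real site the two inputs come from the contact table and the web role table (adx_webrole on the standard data model, mspp_webrole on the enhanced one) and the relationship between them. A site that allows open registration should pass invitation_only=False and instead review every in-window registration, since the absence of an invitation code then proves nothing.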

Microsoft did not disclose how the vulnerability was exploited in the attacks, but since Power Pages is a cloud service, the attacks were necessarily delivered remotely.

In addition, Microsoft this week fixed an RCE vulnerability in Bing tracked as CVE-2025-21355 (CVSS score 8.6). No exploitation of that bug has been reported.
