What is the severity of CVE-2025-24989?

The CVE-2025-24989 vulnerability is classified as a serious security threat due to its potential for unauthorized privilege escalation.

How do I fix CVE-2025-24989?

CVE-2025-24989 has already been mitigated in the service, so affected customers do not need to take action at this time.

What is the impact of CVE-2025-24989?

CVE-2025-24989 allows unauthorized attackers to potentially bypass user registration controls and elevate their privileges over the network.

Is there a patch for CVE-2025-24989?

As CVE-2025-24989 has been mitigated by Microsoft, there is no need for a separate patch for affected users.

Who is affected by CVE-2025-24989?

Users of Microsoft Power Pages may have been affected by the CVE-2025-24989 vulnerability.

Vulnerability/
CVE-2025-24989

Exploited

high

8.2

CWE

284

EPSS

1.179%

19/2/2025

22/2/2025

CVE-2025-24989: Microsoft Power Pages Elevation of Privilege Vulnerability

First published: Wed Feb 19 2025(Updated: )

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected cusomters have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Power Pages

Remedy

Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2025-21355

Frequently Asked Questions

What is the severity of CVE-2025-24989?
The CVE-2025-24989 vulnerability is classified as a serious security threat due to its potential for unauthorized privilege escalation.
How do I fix CVE-2025-24989?
CVE-2025-24989 has already been mitigated in the service, so affected customers do not need to take action at this time.
What is the impact of CVE-2025-24989?
CVE-2025-24989 allows unauthorized attackers to potentially bypass user registration controls and elevate their privileges over the network.
Is there a patch for CVE-2025-24989?
As CVE-2025-24989 has been mitigated by Microsoft, there is no need for a separate patch for affected users.
Who is affected by CVE-2025-24989?
Users of Microsoft Power Pages may have been affected by the CVE-2025-24989 vulnerability.

agent/type
agent/first-publish-date
collector/msrc
source/Microsoft
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/msrc-cve
exploited/true
agent/softwarecombine
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/title
collector/the-register
source/The Register
alias/CVE-2025-24989
alias/CVE-2025-21355
agent/news-ai
zeroday/true
agent/severity
agent/event
agent/trending
agent/tags
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-cve
source/NVD
collector/nvd-api
collector/cisa-known-exploited
source/CISA
agent/last-modified-date
agent/remedy
agent/references
agent/source
agent/description
vendor/microsoft
canonical/microsoft power pages