← Volver a CVEs
CVE-2025-24989
HIGHCISA KEV8.2
Descripcion
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.
Detalles CVE
Puntuacion CVSS v3.18.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/19/2025
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMicrosoft
ProductoPower Pages
Nombre vulnerabilidadMicrosoft Power Pages Improper Access Control Vulnerability
Fecha inclusion KEV2025-02-21
Fecha limite remediacion2025-03-14
Uso en ransomwareUnknown
Productos afectados
microsoft:power_pages
Debilidades (CWE)
CWE-284
Referencias
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989(secure@microsoft.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24989(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.