← Voltar para CVEs
CVE-2025-24989
HIGHCISA KEV8.2
Descricao
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.
Detalhes CVE
Pontuacao CVSS v3.18.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/19/2025
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMicrosoft
ProdutoPower Pages
Nome da vulnerabilidadeMicrosoft Power Pages Improper Access Control Vulnerability
Data inclusao KEV2025-02-21
Prazo de remediacao2025-03-14
Uso em ransomwareUnknown
Produtos afetados
microsoft:power_pages
Fraquezas (CWE)
CWE-284
Referencias
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989(secure@microsoft.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24989(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.