Microsoft: >> Power Pages Security Vulnerabilities
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-05-22
CVE-2025-24989
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.
Known exploited
CVSS Score
8.2
EPSS Score
0.316
Published
2025-02-19