

Ethical Hacking News

Microsoft's Power Pages Website-Building SaaS Vulnerability Exposed: A Comprehensive Analysis


Microsoft's popular website-building SaaS solution Power Pages has been compromised by a high-severity vulnerability that allows unauthorized users to elevate privileges over a network. The bug was discovered by Microsoft staffer Raj Kumar and had already been exploited by attackers before the software giant released a fix, which is now in effect.

  • Microsoft Power Pages has been compromised by a security vulnerability (CVE-2025-24989) that allows unauthorized users to elevate privileges over a network; it is rated as a high-severity threat (8.2/10 on CVSS).
  • The bug was discovered by Microsoft staffer Raj Kumar and had already been exploited by attackers before the fix was released.
  • A patch has been released to address the issue, but affected customers are advised to review their sites for signs of potential exploitation and clean up if needed.
  • Not all Power Pages users are affected, as the problem doesn't affect those who haven't received notifications from Microsoft regarding this vulnerability.
  • Microsoft has been proactive in addressing security concerns related to its software products, including patching a high-severity flaw in Bing search engine (CVE-2025-21355).



    Microsoft's Power Pages, a website-building software-as-a-service (SaaS) solution, has been compromised by a security vulnerability that allows unauthorized users to elevate privileges over a network. The bug, identified as CVE-2025-24989, was rated 8.2 out of 10 on the Common Vulnerability Scoring System (CVSS) scale, indicating a high-severity threat.

    According to recent reports, the vulnerability was discovered by Microsoft staffer Raj Kumar and had already been exploited by attackers before the software giant released a fix. The newly patched flaw technically allows unauthorized miscreants to log into sites using accounts they shouldn't have, posing a significant risk to users of Power Pages.

    Power Pages is part of Microsoft's low-code Power Platform suite, which offers tools for creating, hosting, and updating business websites. With over 250 million monthly active website users, including Britain's National Health Service (NHS), the platform plays a critical role in enabling businesses to create professional-grade websites without extensive technical expertise.

    In February's Patch Tuesday release, Microsoft addressed the vulnerability with a fix, which has since been applied on Microsoft's side. However, the software giant also urged affected customers to review their sites for signs of potential exploitation and provided procedures to clean up if needed.

    Fortunately, the problem doesn't affect all Power Pages users. If you haven't received notifications from Microsoft regarding this vulnerability, it is unlikely that your site was compromised.

    Microsoft has been proactive in addressing security concerns related to its software products. The company has made significant efforts to improve the security of its services and has released numerous patches for various vulnerabilities over the years.

    In addition to Power Pages, Microsoft has also patched a high-severity flaw in its search engine Bing. The CVSS 8.6-rated issue, CVE-2025-21355, would allow an unauthenticated attacker to execute code over a network due to missing authentication for a critical function. There is no evidence of active exploitation, although proof-of-concept code has already been released.

    Microsoft's commitment to addressing security vulnerabilities and providing fixes to protect its customers is commendable. As users continue to rely on Power Pages and other Microsoft software solutions, it is essential that the company remains vigilant in identifying and addressing potential security threats.

    In conclusion, the recent vulnerability in Microsoft Power Pages highlights the importance of ongoing security monitoring and patching efforts. As users continue to leverage cloud-based services like Power Pages, it is crucial for software vendors like Microsoft to stay proactive in protecting their customers from emerging threats.

    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2025/02/20/microsoft_patch_power_pages/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-24989

  • https://www.cvedetails.com/cve/CVE-2025-24989/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-21355

  • https://www.cvedetails.com/cve/CVE-2025-21355/


  • Published: Thu Feb 20 23:34:55 2025 by llama3.2 3B Q4_K_M













         

