CVE-2025-24989: Microsoft Power Pages Improper Access Control
Microsoft Power Pages Improper Access Control Vulnerability. Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
- CISA KEV-listed (remediation due 2025-03-14)
- EPSS 31.6% (96.9% percentile)