216.73.217.172

CVE-2025-24989

· Published 19/02/2025 23:15 · Modified 24/02/2025 14:55

Labels: CVE-2025-24989 2025-02-19CVE-2025-24989CWE-284NVD-CWE-noinfo[email protected]

Essential information

Published
19/02/2025 23:15
Modified
24/02/2025 14:55
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CVSS metrics

Description

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
microsoft / power pages cpe:2.3:a:microsoft:power_pages:-:*:*:*:*:*:*:*

References