Microsoft has addressed a serious security vulnerability (CVE-2025-24989) in its Power Pages website-building service, enabling attackers to elevate privileges and potentially log in unauthorized. While the flaw was closed at Microsoft's end, they urged affected users to investigate their sites for any exploitation attempts. The issue impacted some users but not all, as confirmed by Microsoft. The Power Pages platform, launched in 2022, has a large user base, with cases of prior data exposure raising concerns about security vulnerabilities. Microsoft's response included a confirmation of the fix and assurances that customers are now protected.
Microsoft has fixed a significant security flaw in its Power Pages platform, urging users to audit their sites for possible exploitation by attackers.
The flaw, rated 8.2 on the CVSS scale, could allow unauthorized users to log into accounts they shouldn’t have on websites built on Power Pages.
Collection
[
|
...
]