Microsoft has patched CVE-2025-24989, a critical privilege escalation vulnerability in Power Pages that has been exploited in attacks. The flaw, caused by improper access control, allowed attackers to bypass user registration controls and elevate privileges over a network. Microsoft has already mitigated the issue and notified affected customers with instructions for reviewing potential exploitation. No manual patch installation is required, but some users may need to check their instances for signs of compromise. Microsoft has not disclosed details about the attacks, and SecurityWeek is awaiting further information from the company. Continue here.
