<ul><li>Microsoft has fixed a privilege escalation vulnerability in Power Pages that was actively exploited in attacks.</li><li>The vulnerability, tracked as CVE-2025-21355, allowed unauthorized attackers to execute code over a network in Microsoft Bing.</li><li>Another vulnerability, CVE-2025-24989, allowed unauthorized attackers to elevate privileges in Power Pages.</li><li>Microsoft has provided instructions for affected customers to review their sites for potential exploitation and clean up any affected systems.</li></ul>

Microsoft fixed actively exploited flaw in Power Pages

Discover more