The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog.
CVE-2025-24989 (CVSS score: 8.2) is an improper access control flaw in Power Pages, allowing unauthorized attackers to elevate privileges over a network.
Microsoft has confirmed the active exploitation of the vulnerability and has provided instructions for affected customers on reviewing and cleaning up their sites.
CISA has ordered federal agencies to fix this vulnerability by March 21, 2025.