- Microsoft recently found and fixed a high-severity flaw in Power Pages
- The flaw allowed malicious actors to log in to targeted websites
- The vulnerability has been fixed, but Microsoft is warning potential victims to be on their guard
Microsoft has fixed a high-severity vulnerability in its Power Pages product, and has warned users to watch for signs of exploitation.
The company recently published details about CVE-2025-24989, an improper access control vulnerability in Power Pages, which allows unauthorized attackers to elevate privileges over a network, bypassing the user registration control. In other words, unauthorized attackers could use the vulnerability to log in to other people's websites. It was given a severity score of 8.2/10 (high).
We do not know who is behind the attack, or how many websites are affected. According to Microsoft, Power Pages has more than 250 million monthly active website users, including the National Health Service of Great Britain.
Patched defects
Microsoft Power Pages is a low-code platform for building secure, data-driven websites, allowing users.
It is designed for companies and organizations that need external portals for customers, partners or employees without requiring extensive coding experience. It is a software-as-a-service (SaaS) product, which means that Microsoft applies all patches and updates on its servers.
The company has already deployed the patch, but that does not mean that the problem has disappeared. Apparently, cybercriminals discovered the defect before Microsoft did, and used it to access at least some websites. It is impossible to know what they did with that access. They could have redirected people to malicious websites, served malware, stolen data and more.
The company warned some users to be careful and look for signs of exploitation.
“This vulnerability has already been mitigated in the service and all affected customers have been notified,” Microsoft said. “Affected customers have received instructions on the review of their sites for possible exploitation and cleaning methods. If you have not been notified, this vulnerability does not affect you.”
Via The Register