Microsoft Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Windows OS

Multiple vulnerabilities were identified in Microsoft Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system.
Note:
These vulnerabilities affect Microsoft cloud services, and Microsoft has already implemented the necessary security mitigations.
Proof-of-concept code is publicly available for CVE-2025-21355. This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.
Exploitation in the wild has been detected for CVE-2025-24989. An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and on clean-up methods. If you have not been notified, this vulnerability does not affect you.
Impact
- Remote Code Execution
- Elevation of Privilege
System / Technologies affected
For CVE-2025-24989
- Microsoft Power Pages
For CVE-2025-21355
- Microsoft Bing
Solutions
Please visit the software vendor's website for more details.
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21355
Vulnerability Identifier
Source
Related Link