- Microsoft recently found and fixed a high-severity bug in Power Pages
- The bug allowed malware to connect to target websites
- The vulnerability has been fixed, but Microsoft warns potential victims to be on guard
Microsoft has fixed a high-severity vulnerability in its Power Pages product and warned users to look for signs of exploitation.
The company recently published details on CVE-2025-24989, an improper access control vulnerability in Power Pages that allows unauthorized attackers to elevate privileges over a network, potentially bypassing the user registration control. In other words, unauthorized attackers could use the vulnerability to connect to other people's websites. It received a severity score of 8.2/10 (high).
We do not know who is behind the attack, nor how many websites are affected. According to Microsoft, Power Pages has more than 250 million users of active websites on a monthly basis, including the British National Health Service.
Fixing flaws
Microsoft Power Pages is a low-code platform for creating secure, data-driven websites. It lets users build and customize sites with drag-and-drop simplicity and integrate them with other Microsoft services such as Power Automate and Dataverse.
It is designed for companies and organizations that need external-facing portals for customers, partners or employees without requiring in-depth coding expertise. It is a software-as-a-service (SaaS) product, which means that all fixes and updates are carried out by Microsoft on its servers.
The company has already deployed the patch, but that does not mean the problem has disappeared. Apparently, cybercriminals discovered the flaw before Microsoft did and used it to access at least a few websites. It is impossible to know what they did with that access. They could redirect people to malicious websites, serve malvertising, steal data, etc.
The company has warned some users to be careful and search for signs of exploitation.
“This vulnerability has already been mitigated in the service and all affected customers have been notified,” said Microsoft. “Affected customers have been given instructions on reviewing their sites for potential exploitation and cleanup methods. If you have not been notified, this vulnerability does not affect you.”
Via The Register