Microsoft Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system.

Note:

These vulnerabilities affect Microsoft cloud services, and Microsoft has already implemented the necessary security mitigations.

Proof-of-concept code is publicly available for CVE-2025-21355. This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Exploit in the wild has been detected for CVE-2025-24989. An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected cusomters have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you’ve not been notified this vulnerability does not affect you.

Impact

• Remote Code Execution
• Elevation of Privilege

System / Technologies affected

For CVE-2025-24989

• Microsoft Power Pages

For CVE-2025-21355

• Microsoft Bing

Solutions

Please visit the software vendor web-site for more details.

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21355

Vulnerability Identifier

• CVE-2025-24989
• CVE-2025-21355

Source

• Microsoft

Related Link

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21355