CVE advisoryKnown Exploit
CVE-2025-24989
Power Pages Privilege Escalation Vulnerability
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An improper access control vulnerability in Microsoft Power Pages could allow an unauthorized attacker to elevate privileges over a network. This flaw enables bypassing user registration controls. The service provider has mitigated this vulnerability and notified affected customers.