Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got there first – and urged users to check their sites for signs of exploitation.
Power Pages is part of Microsoft’s low-code Power Platform suite and offers tools to create, host, and update business websites.
The newly patched flaw, CVE-2025-24989, technically speaking allows attackers to elevate privileges over a network, potentially bypassing the user registration control. In plainer English: Unauthorized miscreants could use the hole to log in to sites using accounts they shouldn’t have.
Power Pages is software-as-a-service, so Microsoft has closed the vulnerability at its end. The software giant has…