Full Report
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. [...]
Analysis Summary
# Vulnerability: Microsoft Power Pages Zero-Day Vulnerability (Registration Control Bypass)
## CVE Details
- CVE ID: CVE-2025-24989
- CVSS Score: Not quoted in the source. Microsoft rates the bug as high severity, and it was exploited as a zero-day before the fix, so treat it as high regardless of the base score.
- CWE: Not stated in the source. The advisory describes a bypass of user registration controls, which is an access-control weakness (CWE-284, Improper Access Control, is the closest fit); it is not an input validation error.
## Affected Systems
- Products: Microsoft Power Pages (Low-code, SaaS-based web development platform)
- Versions: Not specified; service-level mitigation applied by Microsoft.
- Configurations: Any Power Pages site that was reachable before Microsoft applied the service-side fix; the source names no configuration that limits exposure.
## Vulnerability Description
The vulnerability (CVE-2025-24989) is a flaw in Microsoft Power Pages that allows an attacker to bypass the user registration controls of a site. The attacker can then perform actions that the registration requirements should have restricted, which can lead to unauthorized access to, or privilege escalation on, the external-facing business websites hosted on Power Pages. Microsoft classifies the bug as an elevation of privilege vulnerability.
## Exploitation
- Status: Exploited in the wild (Zero-day)
- Complexity: Not stated in the source.
- Attack Vector: Network (remote). The registration flow of a Power Pages site is exposed to the internet, so exploitation needs no local or adjacent-network access.
## Impact
- Confidentiality: Potential unauthorized access to data or functions.
- Integrity: Potential unauthorized changes or configuration alterations.
- Availability: No direct availability impact is described; the primary effect is an authentication/authorization bypass, although rogue accounts could abuse site resources.
## Remediation
### Patches
- Microsoft fixed the flaw **at the service level**. There is no customer-installable patch: Power Pages is a SaaS offering, so the fix took effect without customer action. Microsoft said it notified affected customers directly with instructions for reviewing their sites.
### Workarounds
Because Microsoft applied the fix at the service level, there is nothing for customers to change to close the vulnerability itself; the steps below are post-exploitation checks and hardening for sites that were exposed before the fix:
1. **Review Activity Logs:** Scrutinize Power Pages activity logs for suspicious actions, unexpected user registrations (especially bursts of registrations), and unusual user or page-access activity around the exposure window.
2. **Scrutinize User Lists:** Verify the list of administrators and other high-privileged users to detect unexpected additions or privilege changes.
3. **Examine Security Roles:** Review recent changes to web roles, table permissions, and web page access controls.
4. **Account Remediation:** Disable or delete any rogue accounts, reset credentials for accounts that may have been affected, and enforce MFA, at minimum for administrative and privileged accounts.
## Detection
- **Indicators of Compromise (IOCs):** No network or file IOCs are published for this bug. Behavioral indicators are an unusually rapid or unexpected increase in user registrations, changes to administrator roles, accounts granting roles to themselves, and the presence of unauthorized user accounts or security roles.
- **Detection Methods and Tools:** Reviewing the native Power Platform/Power Pages activity logs is the primary method. Forward those logs to the SIEM or monitoring system that covers the Power Platform environment and alert on privileged role assignments, new web roles, and registration spikes.
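The following script is an added example, not code from Microsoft or from the source advisory; it turns the review steps above (registration spikes, unexpected privileged accounts, role changes) into repeatable checks that can be run over an exported activity log. The event shape it consumes (`time`, `operation`, `actor`, `target`, `role`), the operation names, and the "Administrators" role name are assumptions made for the example; real Power Platform exports use different field names and must be mapped onto this shape first. The sample events are constructed, not real log data.

```python
"""Post-exploitation triage for a Power Pages site (added example, not Microsoft's code).

Assumptions, made for this example only:
- Audit events have been exported and flattened to dicts with the fields
  time, operation, actor, target, role. Real Power Platform activity-log
  exports use different field names; map them onto this shape first.
- The site uses the default "Administrators" web role for privileged users.
"""
from datetime import datetime, timedelta, timezone

PRIVILEGED_ROLES = {"Administrators"}  # assumption: default privileged web role name


def parse_time(value):
    """Parse an ISO-8601 UTC timestamp such as 2025-02-19T02:00:05Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _event(time, operation, actor, target, role=None):
    return {"time": time, "operation": operation, "actor": actor,
            "target": target, "role": role}


# Constructed sample events (not real log data): two normal registrations,
# then a burst of six registrations followed by a self-granted admin role
# and a newly created web role, then one routine assignment by an admin.
SAMPLE_EVENTS = [
    _event("2025-02-18T09:00:00Z", "UserRegistered", "alice@example.com", "alice@example.com"),
    _event("2025-02-18T09:30:00Z", "UserRegistered", "bob@example.com", "bob@example.com"),
    _event("2025-02-19T02:00:05Z", "UserRegistered", "x1@example.net", "x1@example.net"),
    _event("2025-02-19T02:00:20Z", "UserRegistered", "x2@example.net", "x2@example.net"),
    _event("2025-02-19T02:00:45Z", "UserRegistered", "x3@example.net", "x3@example.net"),
    _event("2025-02-19T02:01:10Z", "UserRegistered", "x4@example.net", "x4@example.net"),
    _event("2025-02-19T02:01:30Z", "UserRegistered", "x5@example.net", "x5@example.net"),
    _event("2025-02-19T02:01:50Z", "UserRegistered", "x6@example.net", "x6@example.net"),
    _event("2025-02-19T02:03:00Z", "WebRoleAssigned", "x1@example.net", "x1@example.net", "Administrators"),
    _event("2025-02-19T02:04:00Z", "WebRoleCreated", "x1@example.net", "Site Maintainers", "Site Maintainers"),
    _event("2025-02-19T08:00:00Z", "WebRoleAssigned", "admin@example.com", "carol@example.com", "Authenticated Users"),
]


def registration_bursts(events, window_minutes=10, threshold=5):
    """Return (window_start, count) for each run of at least `threshold`
    registrations that all fall within `window_minutes` of the run's first event."""
    times = sorted(parse_time(e["time"]) for e in events if e["operation"] == "UserRegistered")
    window = timedelta(minutes=window_minutes)
    bursts = []
    i = 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and times[j + 1] - times[i] <= window:
            j += 1
        if j - i + 1 >= threshold:
            bursts.append((times[i], j - i + 1))
            i = j + 1  # do not report the same burst again from a later start
        else:
            i += 1
    return bursts


def role_change_findings(events, privileged_roles=PRIVILEGED_ROLES):
    """Flag new web roles, privileged role grants, and roles an account granted itself."""
    findings = []
    for e in events:
        if e["operation"] == "WebRoleCreated":
            findings.append(("new web role created", e))
        elif e["operation"] == "WebRoleAssigned":
            if e["role"] in privileged_roles:
                findings.append(("privileged role assigned", e))
            if e["actor"] == e["target"]:
                findings.append(("role self-assigned", e))
    return findings


def unexpected_privileged_accounts(events, known_admins, privileged_roles=PRIVILEGED_ROLES):
    """Accounts that were granted a privileged role but are not on the known-admin list."""
    holders = {e["target"] for e in events
               if e["operation"] == "WebRoleAssigned" and e["role"] in privileged_roles}
    return sorted(holders - set(known_admins))


def triage(events, known_admins):
    """Run all checks and return a summary dict suitable for a ticket or SIEM alert."""
    return {
        "registration_bursts": registration_bursts(events),
        "role_findings": [(reason, e["time"], e["actor"], e["target"], e["role"])
                          for reason, e in role_change_findings(events)],
        "unexpected_privileged_accounts": unexpected_privileged_accounts(events, known_admins),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EVENTS, ["admin@example.com"]), indent=2, default=str))
```

Against the sample, `triage` reports one burst of six registrations starting at 02:00:05 UTC, the self-granted Administrators role and the new web role created by `x1@example.net`, and `x1@example.net` as a privileged account missing from the known-admin list; the routine assignment by `admin@example.com` is not flagged. Tune `window_minutes` and `threshold` to the site's normal registration rate before relying on the burst check.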
## References
- Vendor Advisory (MSRC): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989
- News Source: https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/