CVE-2025-24989— Microsoft Power Pages 访问控制错误漏洞

Microsoft Power Pages Elevation of Privilege Vulnerability

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

访问控制不恰当

Microsoft Power Pages 访问控制错误漏洞

Microsoft Power Pages是美国微软（Microsoft）公司的一个安全的企业级低代码 SaaS 平台，用于创建、托管和管理丰富的外部商业网站。 Microsoft Power Pages存在访问控制错误漏洞，该漏洞源于存在不当访问控制漏洞，允许未经授权的攻击者通过网络提升权限，从而可能绕过用户注册控制。

N/A

N/A