Microsoft Fixes Power Pages Zero-day Bug Exploited in Attacks - 20250221002¶
Overview¶
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.
Microsoft says it has addressed the risk at the service level and notified impacted customers accordingly, enclosing instructions on how to detect potential compromise.
What is vulnerable?¶
| Product(s) Affected | CVE | CVSS | Severity |
|---|---|---|---|
| Microsoft Power Pages | CVE-2025-24989 | 8.2 | High |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions within expected timeframe of 48 hours... (refer Patch Management):
- Microsoft Security Updates: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989