Power Pages
Vulnerabilities
2
Known exploited
1
Max CVSS
9.8
Top EPSS
0.01659
Severity breakdown
Critical
2
High
0
Medium
0
Low
0
Also matched as (raw): power_pages
Top vulnerabilities
CVE-2026-23652Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVE-2025-24989An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.