Updates have been issued by Microsoft to address a high-severity vulnerability impacting its website-building Software-as-a-Service (SaaS) platform Power Pages, which has already been leveraged in ongoing attacks, according to The Register.
Threat actors exploiting the flaw, tracked as CVE-2025-24989, could achieve privilege escalation in targeted networks and user registration control evasion to facilitate unauthorized site access, reported Microsoft, which noted the issue to impact only certain Power Pages users, who were urged to examine their websites for possible compromise. "If you've not been notified, this vulnerability does not affect you," Microsoft said.
Also fixed by Microsoft was a high-severity bug impacting the Bing search engine, tracked as CVE-2025-21355, which could be abused to facilitate remote code execution. While such a vulnerability has not yet been actively exploited by threat actors, Microsoft has acknowledged the existence of a proof-of-concept code that could be used in malicious activity.
