Microsoft Power Pages vulnerabilities
3 known vulnerabilities affecting microsoft/microsoft_power_pages.
Total CVEs
3
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-24989P1CRITICALCVSS 9.8KEVv-2025-02-19
CVE-2025-24989 [CRITICAL] CWE-284 CVE-2025-24989: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate p
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected
nvd
CVE-2026-23652P2CRITICALCVSS 9.8v-2026-05-22
CVE-2026-23652 [CRITICAL] CWE-77 CVE-2026-23652: Improper neutralization of special elements used in a command ('command injection') in Microsoft Pow
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-47733P3HIGHCVSS 7.5v-2025-05-08
CVE-2025-47733 [HIGH] CWE-918 CVE-2025-47733: Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclo
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
nvd