Microsoft Power Pages
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Power Pages.
Recent Microsoft Power Pages Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-24989 | CVE-2025-24989 Microsoft Power Pages Elevation of Privilege Vulnerability | February 20, 2025 |
By the Year
In 2026 there have been 1 vulnerability in Microsoft Power Pages with an average score of 10.0 out of ten. Last year, in 2025 Power Pages had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.35.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 10.00 |
| 2025 | 2 | 8.65 |
It may take a day or so for new Power Pages vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Power Pages Security Vulnerabilities
May 2026: Microsoft Power Pages Remote Code Execution Vulnerability
CVE-2026-23652
10 - Critical
- May 22, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
Command Injection
May 2025: Microsoft Power Apps Information Disclosure Vulnerability
CVE-2025-47733
9.1 - Critical
- May 08, 2025
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
SSRF
Feb 2025: Microsoft Power Pages Elevation of Privilege Vulnerability
CVE-2025-24989
8.2 - High
- February 19, 2025
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.
Authorization
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Power Pages or by Microsoft? Click the Watch button to subscribe.
