U.S. CISA Adds Microsoft Power Pages Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Microsoft Power Pages, listed under the number CVE-2025-24989, to its catalog of known exploited vulnerabilities (KEV). This flaw, rated with a CVSS score of 8.2, is due to improper access control in Power Pages, allowing unauthorized access. CISA included this vulnerability in its catalog to alert organizations about the potential risk of exploitation.