Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-24989
CISA Adds One Known Exploited Vulnerability to Catalog
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: HIGH (8.2)

EPSS Score: 25.72%

Source: All CISA Advisories
February 21st, 2025 (about 2 months ago)

CVE-2025-24989
Microsoft Power Pages Improper Access Control Vulnerability
Description: Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.

CVSS: HIGH (8.2)

EPSS Score: 25.72%

Source: CISA KEV
February 21st, 2025 (about 2 months ago)
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Source: TheRegister
February 21st, 2025 (about 2 months ago)
Oops, some of our customers' Power Pages sites were exploited, says Microsoft
Source: TheRegister
February 20th, 2025 (about 2 months ago)
Microsoft fixes Power Pages zero-day bug exploited in attacks
Description: Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. [...]
Source: BleepingComputer
February 20th, 2025 (about 2 months ago)
Microsoft Unveils First Quantum Processor With Topological Qubits
Description: Microsoft has announced Majorana 1, the world’s first quantum processing unit (QPU) built with topological qubits, marking a major leap toward fault-tolerant quantum computing. The breakthrough, supported by research published in Nature, leverages a novel material called a topoconductor, allowing for more stable, scalable, and error-resistant quantum systems. The announcement highlights Microsoft’s progress toward a … The post Microsoft Unveils First Quantum Processor With Topological Qubits appeared first on CyberInsider.
Source: CyberInsider
February 20th, 2025 (about 2 months ago)
Microsoft testing fix for Windows 11 bug breaking SSH connections
Description: Microsoft is not testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems. [...]
Source: BleepingComputer
February 20th, 2025 (about 2 months ago)
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
Description: For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks
Source: TheHackerNews
February 20th, 2025 (about 2 months ago)

CVE-2025-21355
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
Description: Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "

CVSS: HIGH (8.6)

EPSS Score: 1.08%

Source: TheHackerNews
February 20th, 2025 (about 2 months ago)

CVE-2025-24989
Microsoft Power Pages Elevation of Privilege Vulnerability
🚨 Marked as known exploited on February 21st, 2025 (about 2 months ago).
Description: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected cusomters have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

CVSS: HIGH (8.2)

EPSS Score: 25.72%

Source: CVE
February 20th, 2025 (2 months ago)