Microsoft has released security updates to address two Important-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below –
- CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
- CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
“Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network,” the tech giant said in an advisory for CVE-2025-21355. No customer action is required.
On the other hand, CVE-2025-24989 concerns a case of improper access control in Power Pages, a low-code platform for creating, hosting, and managing secure business websites, that an unauthorized attacker could exploit to elevate privileges over a network and bypass user registration control.
Microsoft, which credited its own employee Raj Kumar for flagging the vulnerability, has tagged it with an “Exploitation Detected” assessment, indicating that it is aware of at least one instance of the bug being weaponized in the wild.
That said, the advisory does not offer any details on the nature or scale of the attacks, the identity of the threat actors behind them, and who may have been targeted in such a manner.
“This vulnerability has already been mitigated in the service and all affected customers have been notified,” it added.
“This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you’ve not been notified this vulnerability does not affect you.”
The Hacker News has reached out to Microsoft for further comment, and we’ll update the story if we get a response.