Microsoft has released security updates to address two Important-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below:
- CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
- CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
“Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network,” the tech giant said in an advisory for CVE-2025-21355. No customer action is required.
On the other hand, CVE-2025-24989 concerns a case of improper access control in Power Pages, a low-code platform for creating, hosting, and managing secure business websites, that an unauthorized attacker could exploit to elevate privileges over a network and bypass user registration control.
Microsoft, which credited its own employee Raj Kumar for flagging the vulnerability, has tagged it with an “Exploitation Detected” assessment, indicating that it is aware of at least one instance of the bug being weaponized in the wild.
That said, the advisory does not offer any details on the nature or scale of the attacks, the identity of the threat actors behind them, or who may have been targeted in such a manner.
“This vulnerability has already been mitigated in the service and all affected customers have been notified,” it added.
“This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you’ve not been notified this vulnerability does not affect you.”
The Hacker News has reached out to Microsoft for further comment, and we will update the story if we get a response.