Remote Code Execution Vulnerability in Microsoft Bing
CVE-2025-21355

8.6HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Bing
Vendor
CVE Published:
19 February 2025

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 1,270πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2025-21355?

CVE-2025-21355 is a critical remote code execution vulnerability found in Microsoft Bing, a widely used search engine and web service provided by Microsoft. This vulnerability arises from a lack of proper authentication for essential functions within the platform, enabling unauthorized attackers to execute arbitrary code over the network. Organizations relying on Bing for services or integrating its functionalities into their applications may face significant risk, as successful exploitation can compromise system integrity and lead to various negative outcomes, including unauthorized access to sensitive data.

Technical Details

The vulnerability is characterized by insufficient authentication mechanisms which fail to adequately secure critical functions within Microsoft Bing. This oversight allows attackers to bypass authentication checks, facilitating malicious actions that exploit the service's capabilities. The vulnerability's technical intricacies remain nuanced, but the core issue lies in its ability to permit external entities to initiate commands without verification.

Potential impact of CVE-2025-21355

  1. Unauthorized Code Execution: Attackers may exploit this vulnerability to remotely execute arbitrary code, leading to potential system takeovers and unauthorized control over compromised instances.
  2. Data Breaches: Given the access to execute commands, sensitive information could be exposed or extracted, resulting in data breaches that could affect both users and organizations.
  3. Service Disruption: Exploitation of this vulnerability has the potential to disrupt Microsoft Bing’s services, negatively affecting the availability and reliability of applications and services that depend on Bing integrations.

Affected Version(s)

Microsoft Bing Unknown

News Articles

favicon imageSecurity Affairs

Microsoft fixed actively exploited flaw in Power Pages

Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks.

6 days ago

favicon imageGBHackers News

Critical Microsoft Bing Vulnerability Enabled Remote Code Execution Attacks

A critical security flaw in Microsoft Bing tracked as CVE-2025-21355, allowed unauthorized attackers to execute arbitrary code remotely.

6 days ago

favicon imageThe Hacker News

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft patches two critical flaws in Bing and Power Pages, including CVE-2025-21355, an actively exploited RCE vulnerability

6 days ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.