Authorization Weakness in Pega Platform Affects User Data Access
CVE-2025-62180

7.1HIGH

Key Information:

Vendor
CVE Published:
23 June 2026

What is CVE-2025-62180?

The Pega Platform suffers from an authorization weakness affecting versions 8.3.0 through Infinity 25.1.2, which could allow authenticated users to exploit crafted URLs to access unauthorized data. This flaw poses a significant risk of sensitive data exposure, highlighting the need for immediate remediation efforts to secure the affected systems.

Affected Version(s)

Pega Infinity 8.3.0

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mohammed F. Alaskar from Saudi Awwal Bank Cybersecurity Team
.