Stored Cross-site Scripting Vulnerability in Pega Platform by Pegasystems
CVE-2025-62183

4.8MEDIUM

Key Information:

Vendor: Pegasystems
Status: Pega Infinity
Vendor: CVE Published:; 17 February 2026

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2025-62183?

The Pega Platform versions 8.1.0 through 25.1.1 are vulnerable to a Stored Cross-site Scripting (XSS) issue in a user interface component. This vulnerability requires administrative user access to exploit, allowing attackers to inject malicious scripts into web pages. While the potential effect on confidentiality and integrity is limited, it still poses a risk that could be exploited if proper security measures are not in place. Organizations using the affected versions should mitigate this risk by applying recommended updates and implementing stringent access controls.

Affected Version(s)

Pega Infinity 8.1.0

References

https://support.pega.com/support-doc/pega-security-adviso...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2026
Vulnerability Reserved
Oct 7, 2025

Credit

Jordan Lyons from AFLAC

CVE-2025-62183 Data

JSON