Stored Cross-site Scripting Vulnerability in Pega Platform by Pega Systems
CVE-2025-62184
4.8MEDIUM
What is CVE-2025-62184?
A Stored Cross-site Scripting vulnerability exists in Pega Platform versions 8.1.0 through 25.1.0. This vulnerability occurs within a user interface component, requiring an administrative user with extensive access rights to exploit. While the potential impact on confidentiality is low and integrity is unaffected, the presence of this vulnerability in the platform may still pose security risks for applications relying on it. Users should take caution and apply necessary mitigations as outlined in the related security advisory.
Affected Version(s)
Pega Infinity 8.1.0
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Amjad Nayef Qabaha from Integrated Telecom Solutions (INOVAR)