Stored XSS Vulnerability in Pega Platform Affecting Pega Systems
CVE-2025-8681

5.5MEDIUM

Key Information:

Vendor: Pegasystems
Status: Pega Infinity
Vendor: CVE Published:; 10 September 2025

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2025-8681?

The Pega Platform from Pega Systems has a security flaw involving Stored Cross-Site Scripting (XSS) within its user interface components. This vulnerability requires an attacker to have a high-privileged user role with developer access, amplifying the risk if compromised. Users can be deceived into executing malicious scripts contained in the affected components, potentially leading to unauthorized actions within the application.

Affected Version(s)

Pega Infinity 7.1.0

References

https://support.pega.com/support-doc/pega-security-adviso...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

Louis Sohier of ENGIE IT Offensive Cybersecurity Team