Insecure Direct Object Reference in Pega Platform Affects User Data Access
CVE-2025-9559

6.5MEDIUM

Key Information:

Vendor: Pegasystems
Status: Pega Infinity
Vendor: CVE Published:; 16 October 2025

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2025-9559?

Pega Platform versions 8.7.5 through Infinity 24.2.2 have been identified with an Insecure Direct Object Reference vulnerability. This security issue affects a specific user interface component, allowing unauthorized users to potentially access sensitive information. It is crucial for organizations utilizing the Pega Platform to assess their vulnerabilities and implement necessary mitigations as outlined in the security advisory provided by Pega.

Affected Version(s)

Pega Infinity 8.7.5

References

https://support.pega.com/support-doc/pega-security-adviso...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Aug 27, 2025

Credit

Eric Kahlert from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/)

JSON