CVE-2025-62180

Description

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

Low

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

Pegasystems / Pega Infinity8.3.0 – Infinity 25.1.3

References

MISChttps://support.pega.com/support-doc/pega-security-advisory-i25-vulnerability-remediation-note
MISChttps://support.pega.com/support-doc/pega-security-advisory-h26-vulnerability-remediation-note