CVE-2025-2160 HIGH

CVE-2025-2160

Vendor Pegasystems
Product Pega Infinity
Weakness CWE-79 · XSS
Published April 14, 2025
Last update April 14, 2025
View on NVD All CVEs

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup

Key dates

02Disclosure timeline

April 14, 2025 CVE published
April 14, 2025 Record updated