CVE-2025-62183 MEDIUM

CVE-2025-62183: Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.

Vendor Pegasystems

Product Pega Infinity

Weakness CWE-79 · XSS

Published February 17, 2026

Last update February 18, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.

Key dates

02Disclosure timeline

February 17, 2026 CVE published

February 18, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62183 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-62183

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions