CVE-2025-62184 MEDIUM

CVE-2025-62184: Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.

Vendor Pegasystems
Product Pega Infinity
Weakness CWE-79 · XSS
Published March 31, 2026
Last update March 31, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.

Key dates

02Disclosure timeline

March 31, 2026 CVE published
March 31, 2026 Record updated