CVE-2025-2161

Published Apr 14, 2025

Last updated 2 months ago

CVSS high 7.1

Overview

Description
Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup
Source
security@pega.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Severity
HIGH

Weaknesses

security@pega.com
CWE-79

Social media

Hype score
Not currently trending

  1. Warning: 2 high #XSS in @Pega CVE-2025-2160 CVE-2025-2161 CVSS: 8.1-7.1. An unauthenticated remote attacker with user interaction and without privileges can inject malicious scripts to be executed in a victims web browser (cross-site scripting) #Patch https://t.co/DTSqDKrj2z

    @CCBalert

    15 Apr 2025

    172 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.