CVE-2025-62184

Published Mar 31, 2026

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-62184 identifies a Stored Cross-site Scripting (XSS) vulnerability present in Pega Platform versions 8.1.0 through 25.1.0. This flaw resides within a user interface component of the platform. Exploitation of CVE-2025-62184 necessitates an administrative user account with extensive access rights. The vulnerability involves improper neutralization of input during web page generation, which could allow for the injection of malicious scripts.

Description: Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.
Source: security@pega.com
NVD status: Analyzed
Products: pega_platform

Risk scores

CVSS 4.0

Type: Secondary
Base score: 4.8
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 3.4
Impact score: 1.4
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
Severity: LOW

Weaknesses

security@pega.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C5AF856D-F80C-4AA3-A569-2DF0DA5E4192",
            "versionEndIncluding": "25.1.0",
            "versionStartIncluding": "8.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.