CVE-2025-8681
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2025-10-29

Assigner: Pegasystems Inc.

Description
Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Β Requires a high privileged user with a developer role.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2025-10-29
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8681
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
pega pega_platform From 7.1.0 (inc) to 23.1.5 (exc)
pega pega_platform From 24.1.0 (inc) to 24.1.3 (exc)
pega pega_platform From 24.2.0 (inc) to 24.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8681 is a medium severity Stored Cross-Site Scripting (XSS) vulnerability in the Pega Platform affecting versions 7.1.0 to 24.2.2. It allows attackers to inject malicious executable scripts into trusted application code via a user interface component. Exploitation requires a high privileged user with a developer role, limiting the attack surface. [1]

Impact Analysis

This vulnerability can allow attackers with developer-level access to inject malicious scripts into the Pega Platform, potentially leading to unauthorized actions or data exposure within the application. However, exploitation requires high privileges, and no client compromises have been reported so far. [1]

Mitigation Strategies

To mitigate the CVE-2025-8681 vulnerability in Pega Platform, you should update your system to a patched version. Specifically, versions 23.1.5 and 25.1.0 are already patched and require no action. For versions 24.1.3 and 24.2.2, apply the relevant updates or hotfixes: for 24.1.3, apply hotfix HFIX-C2685 or update to 24.1.4 Patch Release; for 24.2.2, apply hotfix HFIX-C2684 or update to 24.2.3 Patch Release. Pega recommends updating to the latest platform releases to ensure all security, feature, and bug fixes are included. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8681. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart