CVE-2025-62183
Received
Received - Intake
Stored XSS in Pega Platform UI Component Requires Admin Access
Publication date: 2026-02-17
Last updated on: 2026-02-17
Assigner: Pegasystems Inc.
Description
Description
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pega | platform | From 8.1.0 (inc) to 25.1.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-site Scripting (XSS) issue found in Pega Platform versions 8.1.0 through 25.1.1. It exists in a user interface component and requires an administrative user with extensive access rights to be exploited.
How can this vulnerability impact me? :
The impact of this vulnerability on confidentiality and integrity is considered low, given that it requires an administrative user with extensive access rights to exploit.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70