CVE-2025-62180
Received - Intake
Authorization Bypass in Pega Platform

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: Pegasystems Inc.

Description
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
Meta Information

Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products

Showing 6 associated CPEs

Vendor | Product | Version / Range
pega | platform | From 8.3.0 (inc) to 24.2.2 (inc)
pega | platform | From 8.3.0 (inc) to 25.1.2 (inc)
pega | platform | From 25.1.0 (inc) to 25.1.2 (inc)
pega | platform | From 24.2.3 (inc) to 24.2.5 (inc)
pega | platform | 24.1.4
pega | platform | From 23.1.1 (inc) to 23.1.5 (inc)

CWE ID | Description
CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Executive Summary

CVE-2025-62180 is a high-severity security vulnerability in Pega Platform versions 8.3.0 through 25.1.2. It is classified as an Improper Access Control issue: authenticated users may exploit an authorization weakness and, by using specially crafted URLs, access additional data they should not be able to see.

Impact Analysis

This vulnerability can allow authenticated users to bypass normal authorization controls and access sensitive or additional data that they are not authorized to view. This could lead to unauthorized disclosure of information within the Pega Platform environment. Although no compromises have been reported so far, the risk remains significant due to the potential exposure of sensitive data.

Mitigation Strategies

To mitigate CVE-2025-62180 in Pega Platform, update your system to the latest patched versions or apply the appropriate hotfixes.

  • Apply hotfixes available for your version, such as 8.8.5, 23.1.1, 24.1.3, 23.1.5, 24.1.4, 24.2.3, and 25.1.0.
  • For on-premises or client-managed cloud environments, download hotfixes from My Security Hotfixes on My Pega.
  • Restart the system after installing the hotfix.
  • If you are not on a supported version, update promptly to a patched version.

If you have questions or need assistance, contact Global Client Support through the My Support Portal.

Compliance Impact

The provided information does not specify how the CVE-2025-62180 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
