anonhaven
Ad

CVE-2025-62183

MEDIUM CVSS 4.0: 4.8 EPSS 0.06%
Updated Feb 18, 2026
Pega Platform
Parameter Value
CVSS 4.8 (MEDIUM)
Affected Versions 8.1.0 — 25.1.1
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Pega Platform
Public PoC No

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
High
Admin privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://support.pega.com/support-doc/pega-security-advisory-n25-vulnerability-r…
security@pega.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1711

Pega Platform

4.8

CVE-2026-1564

Pega Platform

5.1

CVE-2025-62184

Pega

4.8