Home

Description

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

PUBLISHED Reserved 2025-10-07 | Published 2026-06-23 | Updated 2026-06-23 | Assigner Pega




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-639: Authorization Bypass Through User-Controlled Key

Product status

Default status
unaffected

8.3.0 (custom) before Infinity 25.1.3
affected

Credits

Mohammed F. Alaskar from Saudi Awwal Bank Cybersecurity Team finder

References

support.pega.com/...isory-i25-vulnerability-remediation-note

support.pega.com/...isory-h26-vulnerability-remediation-note

cve.org (CVE-2025-62180)

nvd.nist.gov (CVE-2025-62180)

Download JSON