Description

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Exploitation requires a high-privileged user with a developer role.

PUBLISHED Reserved 2025-08-06 | Published 2025-09-10 | Updated 2025-09-11 | Assigner Pega




MEDIUM: 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status: unaffected

Affected: 7.1.0 (custom) before Infinity 24.2.3

Credits

Louis Sohier of ENGIE IT Offensive Cybersecurity Team (finder)

References

support.pega.com/...isory-g25-vulnerability-remediation-note

cve.org (CVE-2025-8681)

nvd.nist.gov (CVE-2025-8681)
