CVE-2025-9559 | THREATINT

Description

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

PUBLISHED Reserved 2025-08-27 | Published 2025-10-16 | Updated 2025-10-16 | Assigner Pega

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-639: Authorization Bypass Through User-Controlled Key

Product status

Default status

unaffected

8.7.5 (custom) before Infinity 24.2.3

affected

Credits

Eric Kahlert from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) finder

References

support.pega.com/...isory-h25-vulnerability-remediation-note

cve.org (CVE-2025-9559)

nvd.nist.gov (CVE-2025-9559)

Download JSON