Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by...

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Description

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

Basic Information

ID CVE-2025-62180

Source Pega

Published Jun 23, 2026 at 14:48

Affected Product

Vendor Pegasystems

Product Pega Infinity

Version 8.3.0

Affected Versions Pegasystems Pega Infinity 8.3.0

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.",
    "published": "2026-06-23T14:48:36.267Z",
    "modified": "2026-06-23T14:48:36.267Z",
    "type": "cve",
    "title": "Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.",
    "source": "Pega",
    "references": "https://support.pega.com/support-doc/pega-security-advisory-i25-vulnerability-remediation-note\nhttps://support.pega.com/support-doc/pega-security-advisory-h26-vulnerability-remediation-note",
    "id": "CVE-2025-62180",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Pegasystems Pega Infinity 8.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pega Infinity",
    "version": "8.3.0",
    "vendor": "Pegasystems",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs._CVE-2025-62180