CVE-2025-62180 | Pega Platform versions 8.3.0 through Infinity 25.1.2 are aff… | CVSS 7.1 HIGH

Description

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

Metadata

CVE ID: CVE-2025-62180
State: PUBLISHED
Assigner: Pega
Reserved: 2025-10-07 19:04 UTC
Published: 2026-06-23 14:48 UTC
Last updated: 2026-06-23 17:03 UTC
Primary CWE: CWE-639
CWE-639: Authorization Bypass Through User-Controlled Key
Vendor / Product: Pegasystems / Pega Infinity
Sources: cve.org · NVD

Severity & Metrics

7.1 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Pegasystems	Pega Infinity	—	8.3.0 < Infinity 25.1.3

Weakness (CWE)

CWE	Source	Description
CWE-639	cna	CWE-639: Authorization Bypass Through User-Controlled Key

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.1	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

References (2)