PatchSiren

CVE-2025-62180 Pegasystems CVE debrief

CVE-2025-62180 is an authorization weakness in Pega Platform versions 8.3.0 through Infinity 25.1.2. This vulnerability may allow authenticated users to access certain additional data via crafted URLs. The CVSS score for this vulnerability is 7.1, indicating a high severity. The CVE was published on June 23, 2026, and last modified on June 23, 2026. The vendor, Pega, has provided security advisories for this vulnerability.

Vendor: Pegasystems
Product: Pega Infinity
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-23
Advisory published: 2026-06-23
Advisory updated: 2026-06-23

Who should care

Organizations using Pega Platform versions 8.3.0 through Infinity 25.1.2 should be aware of this authorization weakness and take steps to mitigate it. Authenticated users who submit crafted URLs may be able to access additional data, potentially leading to unauthorized data exposure. Security teams and administrators responsible for Pega Platform installations should prioritize patching and monitoring.

Technical summary

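CVE-2025-62180 is an authorization weakness in Pega Platform. The vulnerability affects versions 8.3.0 through Infinity 25.1.2 and may allow authenticated users to access additional data via crafted URLs. The CVSS:4.0 vector for this vulnerability is AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Read from the base metrics, this is a network-reachable, low-complexity attack that requires low privileges and no user interaction, with high impact on the confidentiality of the vulnerable system, no impact on its integrity, and low impact on its availability. The weakness is classified as CWE-639 (Authorization Bypass Through User-Controlled Key).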

Defensive priority

High priority should be given to patching Pega Platform versions 8.3.0 through Infinity 25.1.2 to mitigate this authorization weakness. Security teams should monitor for potential exploitation attempts and ensure that only authorized users have access to sensitive data.

Recommended defensive actions

  • Apply patches or updates provided by Pega to address the authorization weakness in Pega Platform versions 8.3.0 through Infinity 25.1.2.
  • Monitor Pega Platform installations for potential exploitation attempts and unauthorized data access.
  • Review and restrict access to sensitive data and functionality to only authorized users.
  • Implement additional security measures, such as URL filtering and access controls, to prevent exploitation.
  • Verify that security advisories and patches are applied to all affected Pega Platform installations.

Evidence notes

The CVE-2025-62180 record was obtained from the National Vulnerability Database (NVD) and the CVE.org website. Pega has provided security advisories for this vulnerability, which can be found on their support website. The CVSS score and vector were obtained from the NVD and CVE.org records.

This article is AI-assisted and based on the supplied source corpus.