CVE-2025-62180
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
In short
Pega Platform has a flaw that lets logged-in users access data they shouldn't by using specially crafted URLs. This is serious because it exposes sensitive information to people who already have basic access to the system.
Technical detail
An authorization bypass vulnerability in Pega Platform (8.3.0 to Infinity 25.1.2) allows authenticated users to escalate privileges and access unauthorized data through URL manipulation. The vulnerability results from insufficient access control validation on certain endpoints, enabling horizontal or vertical privilege escalation for any authenticated attacker.
Summary generated and translated by AI from the official description.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
Affected products
Pegasystems · Pega Infinity