4.8

Pega Platform: Critical Stored XSS in Admin Interface

CVE-2025-62183
Summary

A user with administrative access to the Pega Platform interface may be able to store malicious script in a user interface component. The script then executes in the browser of users who view that component, potentially stealing sensitive information or disrupting the system. This issue affects Pega Platform versions 8.1.0 through 25.1.1. To protect your system, apply the latest security updates or upgrade to the latest version.

Original title
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access ri...
Original description
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.
NVD CVSS 4.0 score: 4.8
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026