CVE-2025-8681

low-risk

Published 2025-09-10

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Pega Platform

Affected Vendors

Pega

References (1)

Vendor Advisory https://support.pega.com/support-doc/pega-security-advisory-g25-vulnerability-re...

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal