CVE-2025-8681
published 2025-09-10

Priority: P4 | 27 | medium 5.4 (CVSS 3.1)
Vector: AV:N AC:L PR:L UI:R S:C C:L I:L A:N
EPSS: 0.18% (7.9th percentile)

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_libdwarf_0.9.0-1_on_azure_linux_3.0 | | |
| msrc | cbl2_libdwarf_0.9.0-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_libdwarf_0.9.0_on_cbl_mariner_2.0 | | |
| pega | pega_platform | >= 24.1.0 < 24.1.3 | 24.1.3 |
| pega | pega_platform | >= 24.2.0 < 24.2.2 | 24.2.2 |
| pega | pega_platform | >= 7.1.0 < 23.1.5 | 23.1.5 |
| pegasystems | pega_infinity | >= 7.1.0 < Infinity 24.2.3 | Infinity 24.2.3 |

CVSS provenance

nvd: v3.1, 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_msrc: 5.5 MEDIUM