CVE-2025-9559
published 2025-10-16

Priority: P339 | medium | 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.37% (28.5th percentile)
Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pega | pega_platform | 24.1.0 – 24.1.3 | |
| pega | pega_platform | 24.2.0 – 24.2.2 | |
| pega | pega_platform | >= 7.1.0 < 23.1.5 | 23.1.5 |
| pegasystems | pega_infinity | >= 8.7.5 < Infinity 24.2.3 | Infinity 24.2.3 |