CVE-2025-2160: Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup
8.1
CVSS
Description
Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup
Classification
CVE ID: CVE-2025-2160
CVSS Base Severity: HIGH
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Problem Types
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')Affected Products
Vendor: Pegasystems
Product: Pega Infinity
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 7.85% (scored less or equal to compared to others)
EPSS Date: 2025-04-16 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2160https://support.pega.com/support-doc/pega-security-advisory-d25-vulnerability-remediation-note