CVE-2025-2161 — Vulnetix

CVE-2025-2161 PUBLISHED CVSS 7.099999904632568 HIGH

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup

EPSS 0.21% · 43.8th percentile

Risk Scores

CVSS 3.1

7.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

EPSS Score

0.21%

43.8th percentile

Affected Products

Vendor	Product	Versions
Pegasystems	Pega Infinity	7.2.1
pega	pega_platform	7.2.1, 24.1.0, 24.2.0

Exploit Intelligence

CIRCL seen: CVE-2025-2161 (circl-sighting)
https://support.pega.com/support-doc/pega-security-advisory-d25-vulnerability-remediation-note (circl)

Timeline

Apr 14, 2025 CVE Published
Apr 14, 2025 CVE Updated
Apr 15, 2025 EPSS Score
Apr 15, 2025 PoC Published
Apr 18, 2025 Coalition ESS Score
Apr 27, 2025 EPSS Score
May 10, 2025 EPSS Score
May 22, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 16, 2025 EPSS Score
Jun 28, 2025 EPSS Score
Jul 11, 2025 EPSS Score

References

https://support.pega.com/support-doc/pega-security-advisory-d25-vulnerability-remediation-note vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-2161 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›