CP
cyberpings
VulnerabilitiesMEDIUM

PEGA Infinity Platform - Multiple Vulnerabilities Discovered

FDFull Disclosure
CVE-2025-62181CVE-2025-9559PEGA Infinity
🎯

Basically, there are security holes in PEGA Infinity that could let bad guys access user data.

Quick Summary

SEC Consult has revealed multiple vulnerabilities in the PEGA Infinity platform. Users of affected versions should act quickly to install patches. Failure to do so could lead to unauthorized access and data breaches. Stay secure by updating your systems now.

The Flaw

Recently, SEC Consult Vulnerability Lab disclosed multiple vulnerabilities in the PEGA Infinity platform. These vulnerabilities are identified as CVE-2025-62181 and CVE-2025-9559. The first flaw relates to weak brute-force protection on the login page, while the second involves an Insecure Direct Object Reference (IDOR) issue. Both vulnerabilities can lead to unauthorized access and data exposure.

CVE-2025-62181 affects versions from 7.1.0 through Infinity 25.1.0, while CVE-2025-9559 impacts versions 8.7.5 to Infinity 24.2.2. The weak brute-force protection allows attackers to perform username enumeration and password spraying attacks, potentially compromising user accounts. Meanwhile, the IDOR vulnerability enables unauthorized access to files that should be restricted.

What's at Risk

The vulnerabilities could allow attackers to gain unauthorized access to sensitive data. For instance, the weak brute-force protection can be exploited to determine valid usernames and attempt to log in using common passwords. This could lead to unauthorized access to user accounts, putting personal and organizational data at risk.

Additionally, the IDOR vulnerability allows attackers to access files uploaded by other users without proper authorization checks. This could expose sensitive images or documents, further escalating the risk for users and organizations relying on the PEGA Infinity platform for secure operations.

Patch Status

The vendor has released patches to address these vulnerabilities. For CVE-2025-62181, the fixed versions are 24.1.4, 24.2.4, and 25.1.1. For CVE-2025-9559, version 24.2.3 is recommended. Users are strongly advised to install these patches immediately to mitigate the risks associated with these vulnerabilities.

It is crucial for organizations using affected versions to conduct thorough security reviews. This will help identify and resolve any additional security issues that may not have been addressed by the patches.

Immediate Actions

To protect your systems, take the following steps:

  • Update the PEGA Infinity platform to the latest patched versions as soon as possible.
  • Conduct a security review of your systems to identify any potential vulnerabilities.
  • Implement additional security measures, such as stronger password policies and multi-factor authentication, to enhance protection against brute-force attacks.

By taking these actions, organizations can significantly reduce their risk of exploitation and protect sensitive data from unauthorized access.

🔒 Pro insight: Immediate patching is critical as these vulnerabilities could be exploited rapidly by attackers leveraging brute-force tactics.

Original article from

Full Disclosure

Read Full Article

Share

Related Pings

HIGHVulnerabilities

CISA Urges Endpoint Security Hardening After Stryker Attack

CISA is urging organizations to enhance their endpoint security due to the Stryker attack. This warning comes as concerns grow over threats involving Microsoft Intune. Strengthening security is crucial to prevent potential data breaches and operational disruptions.

Cybersecurity Dive·
HIGHVulnerabilities

Vulnerabilities - Multiple Privilege Escalation Risks Found

Multiple privilege escalation vulnerabilities have been discovered in Arturia Software Center for MacOS. Users of version 2.12.0.3157 are at risk. Immediate action is needed to secure systems until a fix is available.

Full Disclosure·
HIGHVulnerabilities

Vulnerabilities in iOS and macOS - Security Updates Released

Apple has released important security updates for iOS and macOS. These updates fix a critical vulnerability in WebKit that could expose users to risks. It's crucial for all users to update their devices immediately to ensure safety.

Full Disclosure·
HIGHVulnerabilities

iOS Vulnerabilities - DarkSword Exploit Kit Uncovered

DarkSword, a new iOS exploit kit, has been uncovered, targeting vulnerabilities in iPhones. Millions of users are at risk of data theft. It's crucial to update your devices now to stay protected.

Help Net Security·
CRITICALVulnerabilities

Telnet Vulnerability - Critical Flaw Enables Remote Code Execution

A critical flaw in Telnet allows remote code execution as root, exposing legacy systems to serious risks. Immediate action is needed to protect vulnerable infrastructure. Stay informed and take steps to secure your systems.

CSO Online·
HIGHVulnerabilities

Vulnerability - Local Privilege Escalation in Ubuntu Snap

A critical vulnerability in Ubuntu Desktop allows unprivileged users to gain root access. This flaw, CVE-2026-3888, poses significant security risks. Users should stay updated and limit unprivileged access to their systems.

Full Disclosure·