Pega regularly implements security controls designed to safeguard client environments. As part of these efforts, Pega has released patch updates addressing a medium-severity security vulnerability in the Pega Customer Service (CS) application.
No client compromises have been reported to date; however, remediation is required to ensure continued security.
We would like to thank Daniel Dorego from AFLAC for finding this vulnerability.

| Advisory | Description | Impact | Remediation |
|---|---|---|---|
| L25 | File Upload Vulnerability | A file upload vulnerability potentially allows an attacker to upload a malicious file, which could be used to bypass application-layer defences. | 24.1.4 CS Patch Release (Targeted for Dec '25); 24.2.3 CS Patch Release (Available); 25.1.1 CS Patch Release (Available); 26.1 CS Release (Targeted for Q2, '26) |

Hotfixes are not being created, and the issue will be addressed only in the patch releases listed above.
As a best practice, you should update your Pega environment to the latest release to take advantage of the latest features, capabilities, security and bug fixes. See Keeping Current with Pega for details.
Dates for upcoming Infinity patch releases can be found here: Pega Infinity Patch Calendar.
CVE Details

| CVE Details | File Upload Vulnerability |
|---|---|
| Software/Product | Pega Platform |
| Affected Version(s) | From 8.x to 25.1.0 |
| CVE ID | CVE-2025-62182 |
| CVSS Rating | Medium – 5.4 |
| Description | File Upload Vulnerability |

If you have any questions or concerns, please raise a Support ticket with Global Client Support in My Support Portal for assistance.