- Last update: 15/04/2025
- Affected software: Pega Platform from version 7.2.1 or 8.4.3 to 24.2.1
- Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') XSS
- CVE/CVSS
→ CVE-2025-2160: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
→ CVE-2025-2161: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
https://support.pega.com/support-doc/pega-security-advisory-d25-vulnerability-remediation-note
Pega is a low-code application development platform used to build and deploy enterprise-level software solutions. It's designed to streamline business processes, automate workflows, and enhance customer engagement by allowing for rapid application development with minimal coding, leveraging visual models and pre-built components.
On 14 April 2025, Pega announced that two high-criticality vulnerabilities (CVE-2025-2160, CVE-2025-2161) had been found in the Pega platform from version 7.2.1 or 8.4.3 up to and including 24.2.1.
Both vulnerabilities exist in the Mashup feature of Pega’s platform, and they can allow an attacker to inject scripts that can be executed in a victim’s web browser.
As of 15 April 2025, there are no publicly reported incidents of either of those vulnerabilities being exploited in the wild and there is no available proof-of-concept (PoC) online.
Exploiting CVE-2025-2160 has a high impact on confidentiality and integrity, but no impact on the availability of the system.
Exploiting CVE-2025-2161 has a high impact on confidentiality, low impact on integrity, and no impact on the availability of the system.
CVE-2025-2160 & CVE-2025-2161:
A remote, unauthenticated attacker who can induce user interaction can exploit either of these two vulnerabilities to steal sensitive user credentials. That can allow the attacker to hijack user sessions and execute unauthorized actions on behalf of the victim.
The attacker can ultimately access confidential information stored in the browser. The root cause is absent or incomplete neutralization of user input before it is processed and before it is used as output in a web page.
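To illustrate the weakness class named above (improper neutralization of input during web page generation), the following constructed example contrasts a page-generation routine that copies user input into HTML unchanged with one that neutralizes it first. This is added illustrative code, not Pega's Mashup implementation, and the input string is constructed for the demonstration.

```javascript
// Constructed example of the CWE-79 style weakness described in the advisory.
// Not Pega code: a minimal page-generation routine with and without neutralization.

// Neutralize the five characters that can change HTML element or attribute
// context. '&' is replaced first so already-encoded entities are not re-encoded.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the user-controlled value is used as output without neutralization,
// so markup inside it becomes part of the generated page.
function renderGreetingUnsafe(name) {
  return `<p>Welcome, ${name}</p>`;
}

// Hardened: the same value is neutralized before it is used as output,
// so it renders as literal text.
function renderGreetingSafe(name) {
  return `<p>Welcome, ${escapeHtml(name)}</p>`;
}

// Test helper: count HTML tags in the generated output. The template contains
// exactly two (<p> and </p>); any extra tag came from the input.
function countTags(html) {
  const matches = html.match(/<\/?[a-zA-Z][^>]*>/g);
  return matches ? matches.length : 0;
}

// Constructed input containing markup, standing in for untrusted request data.
const CONSTRUCTED_INPUT = "<script>alert(1)</script>";

// Summary of both outcomes for the reader; the hardened output keeps only the
// template's own two tags.
function demo() {
  return {
    unsafeTagCount: countTags(renderGreetingUnsafe(CONSTRUCTED_INPUT)), // 4
    safeTagCount: countTags(renderGreetingSafe(CONSTRUCTED_INPUT)),     // 2
  };
}
```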
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
https://nvd.nist.gov/vuln/detail/CVE-2025-2160
https://nvd.nist.gov/vuln/detail/CVE-2025-2161