PT-2025-50493 · Pega · Pega Platform

Eric Kahlert +1 · Published 2025-12-10 · Updated 2026-03-19 · CVE-2025-62181

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pega Platform versions 7.1.0 through Infinity 25.1.0

Description

Pega Platform is affected by a User Enumeration issue. A remote unauthenticated user could determine the validity of a username by observing differences in response times during the user authentication process. This issue is related to the deprecated basic-authentication feature, and more secure authentication mechanisms are recommended. The username parameter is involved in this process.

Recommendations

Versions 7.1.0 through 24.1.3 require updating to version 24.1.4 or later. Versions 24.1.4 through 24.2.3 require updating to version 24.2.4 or later. Versions 24.2.4 through 25.1.0 require updating to version 25.1.1 or later. Consider disabling the basic-authentication feature and adopting more secure authentication mechanisms.

Related Identifiers

CVE-2025-62181

Affected Products

Pega Platform