Pega Customer Service Framework CVE-2025-62182
Lifecycle Timeline
2DescriptionCVE.org
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.
AnalysisAI
Pega Customer Service Framework versions 8.7.0 versions up to 25.1.0 is affected by unrestricted upload of file with dangerous type.
Technical ContextAI
This vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) affects Pega Customer Service Framework versions 8.7.0. Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.
Affected ProductsAI
Product: Pega Customer Service Framework versions 8.7.0. Versions: up to 25.1.0.
RemediationAI
Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today