CVE-2025-53048
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_peopletools | From 8.60 (inc) to 8.62 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Rich Text Editor component of Oracle PeopleSoft Enterprise PeopleTools versions 8.60, 8.61, and 8.62. It allows a low privileged attacker with network access via HTTP to exploit the system, but requires a user other than the attacker to interact (human interaction). Successful exploitation can lead to unauthorized reading, updating, inserting, or deleting of some accessible data within PeopleSoft Enterprise PeopleTools. The vulnerability impacts confidentiality and integrity but not availability.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain unauthorized read access to some data and unauthorized update, insert, or delete access to some data within PeopleSoft Enterprise PeopleTools. This could lead to data breaches, data manipulation, and potential compromise of the integrity of the affected system's data.