CVE-2025-53061
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-28
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_peopletools | From 8.60 (inc) to 8.62 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) within the PIA Core Technology component. It allows a highly privileged attacker with network access via HTTP to exploit the system easily. Successful exploitation can lead to unauthorized reading, updating, inserting, or deleting of some accessible data within PeopleSoft Enterprise PeopleTools. The vulnerability affects confidentiality and integrity but not availability.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with high privileges and network access to compromise data integrity and confidentiality in PeopleSoft Enterprise PeopleTools. This means unauthorized changes to data (update, insert, delete) and unauthorized reading of some data can occur, potentially leading to data breaches or corruption within affected systems.