CVE-2025-53063
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_peopletools | 8.60 |
| oracle | peoplesoft_enterprise_peopletools | 8.61 |
| oracle | peoplesoft_enterprise_peopletools | 8.62 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) within the PIA Core Technology component. It allows a low privileged attacker with network access via HTTP to exploit the system, but requires a user other than the attacker to interact (human interaction). Successful exploitation can lead to unauthorized reading, updating, inserting, or deleting of some accessible data in PeopleSoft Enterprise PeopleTools. The vulnerability impacts confidentiality and integrity with a CVSS base score of 5.4.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain unauthorized access to read, update, insert, or delete certain data within PeopleSoft Enterprise PeopleTools. This could lead to data breaches, data manipulation, and loss of data integrity, potentially affecting business operations and data trustworthiness.