CVE-2025-61750
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_peopletools | 8.61 |
| oracle | peoplesoft_enterprise_peopletools | 8.62 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the PeopleSoft Enterprise PeopleTools product, specifically in the Query component for versions 8.61 and 8.62. It allows a low privileged attacker with network access via HTTP to exploit the system easily and gain unauthorized read access to some of the accessible data within PeopleSoft Enterprise PeopleTools.
How can this vulnerability impact me? :
The impact of this vulnerability is unauthorized disclosure of data. An attacker could read a subset of data accessible through PeopleSoft Enterprise PeopleTools without proper authorization, potentially leading to information leakage.