CVE-2025-30747: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, though successful attacks require human interaction from a person other than the attacker (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.3 (Confidentiality impacts) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-863 (Incorrect Authorization). The attack vector is network-based (HTTP), requires low attack complexity, needs no privileges, but does require user interaction (NVD).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. The confidentiality impact is rated as Low, while there are no direct impacts on integrity or availability of the system (Oracle CPU).

Oracle has released patches for the affected versions (8.60, 8.61, and 8.62) of PeopleSoft Enterprise PeopleTools as part of the July 2025 Critical Patch Update. Oracle strongly recommends that customers apply the security patches as soon as possible (Oracle CPU).