CVE-2025-30748: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

A vulnerability has been identified in Oracle PeopleSoft Enterprise PeopleTools (CVE-2025-30748), affecting versions 8.60, 8.61, and 8.62. The vulnerability exists in the PIA Core Technology component and is easily exploitable by unauthenticated attackers with network access via HTTP (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.1 (Medium severity) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is characterized by incorrect authorization (CWE-863) and requires human interaction from a person other than the attacker for successful exploitation (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data, as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. While the vulnerability is in PeopleTools, attacks may significantly impact additional products through scope change (Oracle CPU).

Oracle has released patches for the affected versions (8.60, 8.61, and 8.62) as part of the July 2025 Critical Patch Update. It is strongly recommended that customers apply these security patches as soon as possible to address the vulnerability (Oracle CPU).