CVE-2025-53055: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology) affects versions 8.60, 8.61 and 8.62. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, requiring human interaction from a person other than the attacker. The vulnerability was disclosed on October 21, 2025, and received a CVSS 3.1 Base Score of 6.1 (Medium) (Oracle Advisory).

The vulnerability is characterized by a CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), indicating network-based attack vector with low attack complexity, requiring no privileges but user interaction. The scope is changed, meaning attacks may significantly impact additional products beyond PeopleSoft Enterprise PeopleTools (NVD).

Successful exploitation can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data, as well as unauthorized read access to a subset of accessible data. The vulnerability affects both confidentiality and integrity of the system, though availability is not impacted (Oracle Advisory).

Oracle has released patches as part of the October 2025 Critical Patch Update. Organizations running affected versions (8.60, 8.61, and 8.62) of PeopleSoft Enterprise PeopleTools should apply the security patches immediately. Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay (Oracle Advisory).