CVE-2025-53061: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

CVE-2025-53061 is a security vulnerability affecting Oracle PeopleSoft Enterprise PeopleTools versions 8.60, 8.61, and 8.62, specifically in the PIA Core Technology component. The vulnerability was discovered and disclosed in October 2025, with Oracle releasing patches as part of their Critical Patch Update (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network-accessible but requires high privileges to exploit. The vulnerability is classified as easily exploitable and can be accessed via HTTP protocol (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data, as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products due to scope change (Oracle Advisory).

Oracle has released security patches for the affected versions (8.60, 8.61, and 8.62) as part of their October 2025 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible to address this vulnerability (Oracle Advisory).