Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Panel Processor
CVE-2025-30697

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability in the Panel Processor component of Oracle's PeopleSoft Enterprise PeopleTools permits low privileged attackers with network access via HTTP to exploit and compromise the software. The vulnerability, affecting versions 8.60, 8.61, and 8.62, requires user interaction from an individual other than the attacker for successful exploitation. While primarily rooted in PeopleSoft Enterprise PeopleTools, attacks can extend to other interconnected products, leading to unauthorized access that can alter or disclose sensitive data within the platform. This poses a significant risk as it can allow for unauthorized updates, insertions, deletions, and unauthorized read access to accessible data.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.60

PeopleSoft Enterprise PeopleTools 8.61

PeopleSoft Enterprise PeopleTools 8.62

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025