Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
CVE-2025-30747

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-30747?

A security vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools, affecting versions 8.60, 8.61, and 8.62. This issue allows an unauthenticated attacker with network access over HTTP to potentially compromise the system. Successful exploitation of this vulnerability necessitates human interaction from a user other than the attacker. If the attack is successful, it can lead to unauthorized read access to sensitive data within the PeopleSoft application. Organizations are advised to review their security protocols and consider implementing corrective measures to mitigate risks associated with this vulnerability.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.60

PeopleSoft Enterprise PeopleTools 8.61

PeopleSoft Enterprise PeopleTools 8.62

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Mar 26, 2025