CVE-2025-53059 — Improper Access Control in Corporation Peoplesoft Enterprise Peopletools

CWE-284 — Improper Access Control5 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.0%

top 87.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Peoplesoft Enterprise Peopletools Oracle Peoplesoft Enterprise Peopletools

Timeline

PublishedOct 21

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDoracle/peoplesoft_enterprise_peopletools8.60, 8.61, 8.62+2

▶CVEListV5oracle_corporation/peoplesoft_enterprise_peopletools8.60, 8.61, 8.62+2

🔴Vulnerability Details

CVEList

CVE-2025-53059: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards)↗2025-10-21

▶

GHSA

GHSA-v5xr-ggqr-g2m8: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards)↗2025-10-21

▶

📋Vendor Advisories

Oracle

Oracle Oracle PeopleSoft Risk Matrix: OpenSearch Dashboards — CVE-2025-53059↗2025-10-15

▶

Microsoft

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()↗2024-11-12

▶