CVE-2025-21545
Published: 21 January 2025
Description
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Security Summary
CVE-2025-21545 is a vulnerability in the OpenSearch component of the PeopleSoft Enterprise PeopleTools product from Oracle PeopleSoft. The supported versions affected are 8.60 and 8.61. This easily exploitable issue, associated with CWE-400 (Uncontrolled Resource Consumption), allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, resulting in a denial of service through hangs or frequently repeatable crashes.
An unauthenticated attacker requires only network access via HTTP to exploit this vulnerability, with low attack complexity and no privileges, user interaction, or scope change needed. Successful exploitation enables an unauthorized complete denial of service (DoS) on PeopleSoft Enterprise PeopleTools, with no impact on confidentiality or integrity. The CVSS 3.1 base score is 7.5 (High), reflected in the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; the score is driven by the High availability impact, since the confidentiality and integrity metrics are both None.
Oracle's Critical Patch Update advisory provides details on mitigation, available at https://www.oracle.com/security-alerts/cpujan2025.html.
Details
- CWE(s): CWE-400 (Uncontrolled Resource Consumption)