Cyber Posture

CVE-2025-50062

High

Published: 15 July 2025

Modified: 29 July 2025
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50062 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Oracle PeopleSoft Enterprise HCM Global Payroll Core. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 33.6th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Remediating the specific software flaw in PeopleSoft Global Payroll Core via patching directly eliminates the improper privilege management vulnerability.

Prevent: Enforcing least privilege restricts low-privileged attackers from gaining unauthorized creation, deletion, modification, or access to critical data despite the vulnerability.

Prevent: Requiring robust access enforcement mechanisms in the application prevents unauthorized data operations by low-privileged users exploiting the privilege management flaw.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Improper privilege management (CWE-269) in a network-accessible enterprise app directly enables a low-privileged attacker to escalate actions to unauthorized data creation/deletion/modification and access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Deeper analysis

CVE-2025-50062 is a vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft, specifically affecting the Global Payroll for Core component. Supported versions 9.2.51 and 9.2.52 are impacted. The issue, linked to CWE-269 (Improper Privilege Management), carries a CVSS 3.1 Base Score of 8.1 (High) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating high impacts to confidentiality and integrity but no availability impact. It was published on 2025-07-15.

A low-privileged attacker with network access via HTTP can easily exploit this vulnerability to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful exploitation enables unauthorized creation, deletion, or modification of critical data or all accessible data within the product, as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data.

Oracle's Critical Patch Update for July 2025 provides details and mitigation recommendations, including patches, available at https://www.oracle.com/security-alerts/cpujul2025.html.

Details

CWE(s): CWE-269 (Improper Privilege Management)

Affected Products

Vendor: oracle
Product: peoplesoft enterprise hcm global payroll core
Versions: 9.2.51, 9.2.52

CVEs Like This One

CVE-2026-21957 (Same vendor: Oracle)
CVE-2026-21983 (Same vendor: Oracle)
CVE-2026-35251 (Same vendor: Oracle)
CVE-2026-35243 (Same vendor: Oracle)
CVE-2025-21532 (Same vendor: Oracle)
CVE-2026-21956 (Same vendor: Oracle)
CVE-2025-21571 (Same vendor: Oracle)
CVE-2026-21990 (Same vendor: Oracle)
CVE-2026-34292 (Same vendor: Oracle)
CVE-2026-21987 (Same vendor: Oracle)
