Cyber Resilience

CVE-2025-50062

High

Published: 15 July 2025

Published
15 July 2025
Modified
29 July 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0040 60.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50062 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Oracle Peoplesoft Enterprise Hcm Global Payroll Core. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 39.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-50062 is a vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft, specifically affecting the Global Payroll for Core component. Supported versions 9.2.51 and 9.2.52 are impacted. The issue, linked to CWE-269 (Improper Privilege Management), carries a CVSS 3.1 Base Score of 8.1 (High) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating high impacts to confidentiality and integrity but no availability impact. It was published on 2025-07-15.

A low-privileged attacker with network access via HTTP can easily exploit this vulnerability to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful exploitation enables unauthorized creation, deletion, or modification of critical data or all accessible data within the product, as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data.

Oracle's Critical Patch Update for July 2025 provides details and mitigation recommendations, including patches, available at https://www.oracle.com/security-alerts/cpujul2025.html.

EU & UK References

Vulnerability details

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

more

compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Improper privilege management (CWE-269) in a network-accessible enterprise app directly enables a low-privileged attacker to escalate actions to unauthorized data creation/deletion/modification and access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21957Same vendor: Oracle
CVE-2026-21983Same vendor: Oracle
CVE-2026-46837Same vendor: Oracle
CVE-2026-21956Same vendor: Oracle
CVE-2026-35242Same vendor: Oracle
CVE-2026-21988Same vendor: Oracle
CVE-2026-21990Same vendor: Oracle
CVE-2025-21571Same vendor: Oracle
CVE-2025-21532Same vendor: Oracle
CVE-2026-21955Same vendor: Oracle

Affected Assets

oracle
peoplesoft enterprise hcm global payroll core
9.2.51, 9.2.52

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Remediating the specific software flaw in PeopleSoft Global Payroll Core via patching directly eliminates the improper privilege management vulnerability.

prevent

Enforcing least privilege restricts low-privileged attackers from gaining unauthorized creation, deletion, modification, or access to critical data despite the vulnerability.

prevent

Requiring robust access enforcement mechanisms in the application prevents unauthorized data operations by low-privileged users exploiting the privilege management flaw.

References