CVE-2025-21545

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21545
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2025.html
Configurations

No configuration.

History

13 Mar 2025, 21:15

Type Values Removed Values Added
CWE CWE-400

18 Feb 2025, 21:15

Type Values Removed Values Added
CWE CWE-770

22 Jan 2025, 18:15

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: OpenSearch). Las versiones compatibles afectadas son 8.60 y 8.61. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante no autenticado con acceso a la red a través de HTTP ponga en peligro PeopleSoft Enterprise PeopleTools. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetitivo (DOS completo) de PeopleSoft Enterprise PeopleTools. Puntuación base de CVSS 3.1: 7,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CWE CWE-770

21 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-21 21:15

Updated : 2025-03-13 21:15

NVD link : CVE-2025-21545

Mitre link : CVE-2025-21545

CVE.ORG link : CVE-2025-21545

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption