{"id":59555,"date":"2025-07-22T05:31:42","date_gmt":"2025-07-22T05:31:42","guid":{"rendered":""},"modified":"2025-10-03T06:13:42","modified_gmt":"2025-10-03T12:13:42","slug":"cve-2025-50062-critical-data-vulnerability-in-oracle-peoplesoft-enterprise-hcm-global-payroll-core","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-50062-critical-data-vulnerability-in-oracle-peoplesoft-enterprise-hcm-global-payroll-core\/","title":{"rendered":"<strong>CVE-2025-50062: Critical Data Vulnerability in Oracle PeopleSoft Enterprise HCM Global Payroll Core<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-50062 vulnerability has been discovered in Oracle PeopleSoft\u2019s Enterprise HCM Global Payroll Core product. This critical flaw potentially affects all organizations utilizing versions 9.2.51 and 9.2.52 of the software. The vulnerability is of significant concern as it allows a low-privileged attacker to compromise <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49672-buffer-overflow-vulnerability-in-windows-routing-and-remote-access-service\/\"  data-wpil-monitor-id=\"67783\">critical data<\/a> through network access via HTTP. Unauthorized access, creation, modification, or deletion of sensitive data is possible, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7793-critical-vulnerability-in-tenda-fh451-leading-to-system-compromise\/\"  data-wpil-monitor-id=\"68637\">leading to a risk of system<\/a> compromise or data leakage, which could have substantial impacts on an organization&#8217;s operations and reputation.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-50062<br \/>\nSeverity: Critical &#8211; CVSS Score 8.1<br \/>\nAttack Vector: Network (HTTP)<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: Unauthorized creation, deletion, modification, and access to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50105-critical-vulnerability-in-oracle-universal-work-queue-allowing-unauthorized-data-access\/\"  data-wpil-monitor-id=\"68636\">critical data<\/a> or all PeopleSoft Enterprise HCM Global Payroll Core accessible data.<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-1629560646\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>PeopleSoft Enterprise HCM Global Payroll Core | 9.2.51, 9.2.52<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The CVE-2025-50062 exploit takes advantage of a flaw within <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7028-exploiting-the-software-smi-handler-vulnerability\/\"  data-wpil-monitor-id=\"88164\">PeopleSoft Enterprise HCM Global Payroll<\/a> Core software. A low privileged attacker with network access via HTTP can exploit this vulnerability, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41668-critical-file-replacement-leading-to-unauthorized-access\/\"  data-wpil-monitor-id=\"67785\">leading to unauthorized<\/a> access to data. The attacker does not need any user interaction to perform this attack, making it particularly dangerous. Successful exploitation allows the attacker to create, delete, and modify <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-43233-critical-https-proxy-vulnerability-allowing-sensitive-data-access\/\"  data-wpil-monitor-id=\"69310\">critical data<\/a>, potentially leading to unauthorized system control or data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3132868057\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Below is a conceptual example of how this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52362-critical-server-side-request-forgery-vulnerability-in-phproxy\/\"  data-wpil-monitor-id=\"71115\">vulnerability might be exploited using a malicious HTTP request:<\/a><\/p>\n<pre><code class=\"\" data-line=\"\">POST \/PeopleSoft\/endpoint HTTP\/1.1\nHost: target.organization.com\nContent-Type: application\/json\n{ &quot;malicious_payload&quot;: &quot;data_manipulation_code&quot; }<\/code><\/pre>\n<p>In this example, the attacker sends a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54007-untrusted-data-deserialization-vulnerability-in-pickplugins-post-grid-and-gutenberg-blocks\/\"  data-wpil-monitor-id=\"79078\">POST request with a malicious payload designed to manipulate data<\/a> within the PeopleSoft Enterprise HCM Global Payroll Core software. The payload could potentially grant the attacker <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5835-droip-plugin-for-wordpress-unauthorized-access-and-modification-vulnerability\/\"  data-wpil-monitor-id=\"69311\">unauthorized access<\/a> to sensitive data, or even full control over the system.<\/p>\n<p><strong>Mitigation<\/strong><\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50067-critical-vulnerability-in-oracle-application-express-allowing-system-takeover\/\"  data-wpil-monitor-id=\"67784\">Oracle has already released patches to address this vulnerability<\/a>. Affected organizations are urged to apply these patches as soon as possible. As a temporary mitigation, the use of a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can help detect and prevent exploitation attempts. However, these are temporary <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52376-authentication-bypass-vulnerability-in-nexxt-solutions-ncm-x1800-mesh-router\/\"  data-wpil-monitor-id=\"75476\">solutions that do not fully address the vulnerability<\/a>, and patch application remains the most effective mitigation method.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-50062 vulnerability has been discovered in Oracle PeopleSoft\u2019s Enterprise HCM Global Payroll Core product. This critical flaw potentially affects all organizations utilizing versions 9.2.51 and 9.2.52 of the software. The vulnerability is of significant concern as it allows a low-privileged attacker to compromise critical data through network access via HTTP. Unauthorized access, creation, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[106],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-59555","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-oracle"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=59555"}],"version-history":[{"count":7,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59555\/revisions"}],"predecessor-version":[{"id":80979,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59555\/revisions\/80979"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=59555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=59555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=59555"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=59555"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=59555"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=59555"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=59555"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=59555"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=59555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}