CVE-2025-21545
📋 TL;DR
This vulnerability allows an unauthenticated attacker with network access via HTTP to cause a denial of service (DoS) against the OpenSearch component of Oracle PeopleSoft Enterprise PeopleTools. Affected supported versions are PeopleTools 8.60 and 8.61. Successful exploitation lets the attacker hang the service or crash it repeatedly (a complete DoS); the impact is to availability only, with no disclosure or modification of data.
💻 Affected Systems
- Oracle PeopleSoft Enterprise PeopleTools
📦 What is this software?
Oracle PeopleSoft Enterprise PeopleTools is the development and runtime platform underneath the PeopleSoft application suites (HCM, Financials, Campus Solutions and others): the application server, the Pure Internet Architecture (PIA) web tier, Integration Broker and its gateway, and the Search Framework. In PeopleTools 8.60 and 8.61 the Search Framework runs on OpenSearch, which is the component affected here.
⚠️ Risk & Real-World Impact
Worst Case
Complete unavailability of PeopleSoft Enterprise PeopleTools services, disrupting business operations that depend on these systems.
Likely Case
Intermittent service disruptions or performance degradation affecting users and applications relying on PeopleSoft tools.
If Mitigated
Minimal impact if systems are patched or network access is properly restricted.
🎯 Exploit Status
Oracle rates the vulnerability as easily exploitable: an unauthenticated attacker needs only network access to the component over HTTP, with no credentials and no user interaction. No public exploit or proof of concept is referenced on this page; treat any internet-reachable PeopleTools or OpenSearch endpoint as exposed regardless.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: the PeopleTools patch level for 8.60 and 8.61 given in the Oracle Critical Patch Update for January 2025 (PeopleSoft risk matrix and the My Oracle Support note it links to); Oracle delivers PeopleTools security fixes as PeopleTools patch releases
Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2025.html
Restart Required: Yes
Instructions:
1. Review the January 2025 CPU advisory and note the fixed PeopleTools patch level for your release line (8.60 or 8.61).
2. Download that PeopleTools patch from My Oracle Support and apply it following its installation notes, in a non-production environment first.
3. Restart the affected components: application server domains, Process Scheduler, PIA web server domains, and the OpenSearch deployment if the patch updates it.
4. Confirm the new patch level and exercise search (indexing and queries) to verify functionality.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the PeopleTools web tier (PIA) and to the OpenSearch server's HTTP port to trusted hosts and networks. The OpenSearch service only needs to be reachable from the PeopleSoft application servers and indexing hosts; it should never be exposed to the internet.
Enforce this with host firewalls (iptables/nftables, Windows Firewall), network ACLs, or cloud security groups, and verify from an untrusted network that the ports are actually unreachable.
Load Balancer/Web Application Firewall Rules
Configure the WAF or load balancer to rate-limit and filter requests to the OpenSearch-related paths, and to drop them outright from sources that have no business reaching search.
Caveat: the Oracle advisory does not publish the affected request path or the shape of the crafted request; the /PSIGW/OpenSearch/* pattern used on this page is an assumption. Confirm the paths your deployment actually exposes (your web-server access logs are the quickest source) before writing rules, and expect filtering to reduce exposure rather than eliminate it.
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to PeopleSoft systems
- Deploy a web application firewall with rules that rate-limit search-related requests and alert on bursts, and plan the patch as a dated exception rather than a permanent state
🔍 How to Verify
Check if Vulnerable:
Check the installed PeopleTools release in the PeopleSoft application (About PeopleTools in the PIA header menu). Any 8.60 or 8.61 installation below the patch level named in the advisory is vulnerable.
Check Version:
A more reliable check is the PeopleSoft database: the TOOLSREL column of the PSSTATUS table holds the installed PeopleTools release and patch level. Compare it against the fixed level in the advisory.
Verify Fix Applied:
After patching, confirm that PSSTATUS.TOOLSREL (or the About PeopleTools dialog) reports a patch level at or above the fixed level, then run a search from the application and check that indexing and query requests to OpenSearch succeed.
📡 Detection & Monitoring
Log Indicators:
- Bursts of HTTP requests to OpenSearch-related endpoints followed by 5xx responses, application server or PIA errors, or OpenSearch process restarts
- Unusual traffic patterns from unauthenticated sources
Network Indicators:
- Spike in HTTP requests to /PSIGW/OpenSearch/* paths
- Unusual traffic from external IP addresses to PeopleSoft ports
SIEM Query (Splunk-style example; adjust index, sourcetype and field names to your log source, and confirm the path pattern against your own logs since it is an assumption, not a published endpoint):
index=peoplesoft sourcetype=access_log uri_path="/PSIGW/OpenSearch/*" | where NOT cidrmatch("10.0.0.0/8", src_ip) | bin _time span=1m | stats count AS requests, count(eval(status>=500)) AS server_errors BY _time, src_ip | where requests >= 50 OR server_errors >= 5
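The indicators above can also be checked offline against web-server access logs. The following script is an added example for this advisory, not code from Oracle or from the original page: it parses combined-format access log lines, discards sources inside a trusted-network allowlist, and reports any remaining source that sends a burst of requests to the watched path within a sliding time window, counting how many of those drew a 5xx response. The log lines are constructed samples, the trusted ranges and thresholds are placeholders, and the /PSIGW/OpenSearch/ prefix is the assumed path from this page rather than an endpoint published by Oracle.

```python
"""Flag request bursts to a watched path from untrusted sources in access logs.

Added example for this advisory; not Oracle or PeopleSoft code. The watched
prefix, trusted ranges, thresholds and sample log lines are all assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Assumed path (not published by Oracle); confirm against your own access logs.
WATCHED_PREFIX = "/PSIGW/OpenSearch/"

# Placeholder allowlist: application server, indexing and admin networks.
TRUSTED_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.50.0/24"),
)

# Apache/nginx combined log format: ip ident user [ts] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample traffic (not a real capture): one external source hammers
# the watched path, a trusted host uses it normally, the rest is unrelated.
SAMPLE_LOG = """\
203.0.113.45 - - [10/Jan/2025:10:15:01 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 512
203.0.113.45 - - [10/Jan/2025:10:15:03 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 500 0
10.1.2.3 - - [10/Jan/2025:10:15:04 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 2048
203.0.113.45 - - [10/Jan/2025:10:15:05 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 512
198.51.100.7 - - [10/Jan/2025:10:15:06 +0000] "GET /psp/ps/signon.html HTTP/1.1" 200 8192
203.0.113.45 - - [10/Jan/2025:10:15:08 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 503 0
203.0.113.45 - - [10/Jan/2025:10:15:12 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 500 0
10.1.2.3 - - [10/Jan/2025:10:15:15 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 1024
203.0.113.45 - - [10/Jan/2025:10:15:20 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 512
198.51.100.7 - - [10/Jan/2025:10:15:25 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 512
203.0.113.45 - - [10/Jan/2025:10:15:40 +0000] "POST /PSIGW/OpenSearch/search HTTP/1.1" 200 512
203.0.113.45 - - [10/Jan/2025:10:16:55 +0000] "GET /psp/ps/signon.html HTTP/1.1" 200 4096
this line is not an access log entry
"""


def parse_line(line):
    """Return ip, timezone-aware ts, path and int status, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"),
            "status": int(m.group("status"))}


def is_trusted(ip, trusted=TRUSTED_NETWORKS):
    """True if ip lies in an allowlisted network; unparsable addresses are untrusted."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def find_bursts(lines, window_seconds=60, threshold=5, trusted=TRUSTED_NETWORKS):
    """One finding per untrusted source whose densest window of requests to
    WATCHED_PREFIX (window_seconds wide) contains at least threshold requests."""
    events = defaultdict(list)  # src ip -> [(ts, status), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(WATCHED_PREFIX):
            continue
        if is_trusted(rec["ip"], trusted):
            continue
        events[rec["ip"]].append((rec["ts"], rec["status"]))

    findings = []
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        best_n, best = 0, (0, 0)
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits in window_seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > best_n:
                best_n, best = end - start + 1, (start, end)
        if best_n >= threshold:
            window = evs[best[0]:best[1] + 1]
            findings.append({
                "src_ip": ip,
                "count": best_n,
                "server_errors": sum(1 for _, st in window if st >= 500),
                "first": window[0][0].isoformat(),
                "last": window[-1][0].isoformat(),
            })
    findings.sort(key=lambda f: f["count"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in find_bursts(SAMPLE_LOG.splitlines()):
        print(f"{f['src_ip']}: {f['count']} requests ({f['server_errors']} server errors) "
              f"between {f['first']} and {f['last']}")
```

The window and threshold are deliberately low so the sample trips; tune them from a baseline of your own search traffic before alerting on them. This only sees requests that reached the web tier, so direct access to the OpenSearch HTTP port must be watched separately through host firewall or OpenSearch logs.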