CVE-2025-61762: Oracle Corporation PeopleSoft Enterprise FIN Payables. Easily exploitable vulnerability allows a low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables; successful attacks can result in unauthorized update, insert or delete access to some Payables data, unauthorized read access to a subset of Payables data, and a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Payables.
Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Payables accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Payables accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Payables. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
AI Analysis
Technical Summary
CVE-2025-61762 affects Oracle PeopleSoft Enterprise FIN Payables 9.2 in the Payables component. This analysis classifies it as improper access control (CWE-284): a request that the application should reject for the caller's privilege level is honoured instead. The attacker needs HTTP reachability to the PeopleSoft web tier (PIA) and a low-privileged account (PR:L), which in practice means any valid PeopleSoft login such as an employee self-service user; attack complexity is low (AC:L) and no user interaction is needed (UI:N). A successful attack yields read access to a subset of Payables data, update, insert or delete access to some of it, and a partial denial of service, each rated Low in the vector (C:L/I:L/A:L). Scope is unchanged (S:U), so the impact stays within the Payables application itself. The CVSS 3.1 base score is 6.3, which is Medium on the qualitative scale. Oracle discloses vulnerabilities of this kind through its quarterly Critical Patch Update, which ships the fix together with the advisory, so the statement that no patch is available should be checked against the Critical Patch Update advisory that lists this CVE rather than assumed; no public exploit is known at the time of this write-up. Because the only precondition is a valid account, the realistic threat is an insider or a compromised low-value credential, and organisations running PeopleSoft FIN Payables 9.2 should confirm whether the fix is applied and use compensating controls until it is.
Potential Impact
For European organisations this is a risk to the confidentiality, integrity and availability of accounts-payable data: vouchers, supplier records and payment details. Unauthorised changes to that data can produce incorrect or fraudulent payments and undermine the controls that financial reporting relies on (SOX for groups listed in the US); supplier and employee personal data held in Payables brings GDPR obligations if it is read without authorisation. The partial denial of service can hold up payment runs and period close. Finance functions, public bodies and large enterprises that run PeopleSoft 9.2 are the exposed population. Because a low-privileged account is enough, network segmentation reduces but does not remove the risk: any user who can log in to the PeopleSoft web tier is a potential attacker, and a phished or reused credential becomes one. Regulatory penalties and reputational damage follow if financial data is exposed or altered.
Mitigation Recommendations
1. Apply the fix Oracle provides for this CVE in the Critical Patch Update that published it, after testing in a non-production environment; this is the only control that removes the flaw.
2. Until then, keep the PeopleSoft web tier (PIA) off the internet and restrict reachability to trusted networks, VPN or a reverse proxy that requires corporate authentication. This does not stop an attacker who already holds a valid account.
3. Enforce least privilege in PeopleSoft security: review the roles and permission lists that grant Payables menus and components, remove them from accounts that do not process invoices or payments, and keep display-only access where update rights are not needed.
4. Log and monitor access to Payables components: enable record-level audit on the key Payables tables, keep web-tier access logs that can be tied to a user ID, and alert on reads or writes to Payables components from accounts outside the Payables user population and on unusual request volume from a single account (the partial DoS path).
5. Use WAF or reverse-proxy rules to alert on or block requests to Payables component URLs from source networks or user populations that should never reach them, and to rate-limit per session.
6. Audit PeopleSoft configuration and security objects (user profiles, roles, permission lists) regularly and remediate drift.
7. Include PeopleSoft FIN Payables in internal penetration tests, specifically testing what a minimally privileged account can reach and change.
8. Brief IT and security teams on the vulnerability so that alerts from the monitoring above are recognised and escalated quickly.
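As a concrete version of the monitoring and least-privilege items, here is an added detection pass over web-tier access records; it is example code written for this page, not Oracle's or the site's. It assumes a log that records the authenticated OPRID with each request. The user IDs, menu and component names (AP_VOUCHERS, VCHR_ENTRY and so on), the allowlist and the log format are constructed for the example; only the URL shape /psp/<site>/<portal>/<node>/c/<MENU>.<COMPONENT>.<MARKET> follows PIA conventions. It flags reads and writes of Payables components by accounts outside the Payables user population, and request bursts from one account that fit the partial denial-of-service path.

```python
"""Detection pass over constructed PeopleSoft PIA access records.

Added example for this page, not Oracle's or the site's code. Assumes a
web-tier log line of the form
    <ISO timestamp> <OPRID> "<METHOD> <URL> HTTP/1.1" <status>
The log format, OPRIDs, menu/component names and allowlist below are
constructed; only the URL shape follows PIA conventions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<oprid>\S+) "(?P<method>[A-Z]+) (?P<url>\S+) HTTP/1\.[01]" (?P<status>\d{3})$'
)
# PIA component URL: /psp/<site>/<portal>/<node>/c/<MENU>.<COMPONENT>.<MARKET>
COMPONENT_RE = re.compile(
    r"/psp/[^/]+/[^/]+/[^/]+/c/(?P<menu>[A-Z0-9_]+)\.(?P<component>[A-Z0-9_]+)\."
)

# Constructed policy. In practice derive these from the roles and permission
# lists that grant Payables access, not from a hand-written set.
PAYABLES_MENUS = {"AP_VOUCHERS", "AP_PAYMENTS"}
PAYABLES_USERS = {"AP_CLERK1", "AP_MANAGER"}
BURST_WINDOW = timedelta(seconds=10)  # sliding window for the partial-DoS check
BURST_THRESHOLD = 20                  # requests from one account inside the window


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def payables_component(url):
    """Component name if the URL targets a Payables menu, else None."""
    m = COMPONENT_RE.search(url)
    if m and m.group("menu") in PAYABLES_MENUS:
        return m.group("component")
    return None


def analyze(lines):
    """One finding per (kind, oprid, component) with a hit count.

    Lines are expected in timestamp order, as a log file would be.
    """
    findings = {}
    recent = defaultdict(deque)  # oprid -> timestamps inside BURST_WINDOW

    def record(kind, oprid, component, ts):
        key = (kind, oprid, component)
        f = findings.setdefault(key, {"kind": kind, "oprid": oprid, "component": component,
                                      "count": 0, "first_seen": ts.isoformat()})
        f["count"] += 1

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        oprid, ts = rec["oprid"], rec["ts"]

        # Burst check on every request, whatever the URL: drop timestamps that
        # fell out of the window, then fire once when the threshold is crossed.
        window = recent[oprid]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) == BURST_THRESHOLD:
            record("burst", oprid, "*", ts)

        # Access check: Payables components reached by a non-Payables account.
        component = payables_component(rec["url"])
        if component is None or oprid in PAYABLES_USERS:
            continue
        kind = "unexpected_write" if rec["method"] == "POST" else "unexpected_read"
        record(kind, oprid, component, ts)

    return sorted(findings.values(),
                  key=lambda f: (f["kind"], f["oprid"], f["component"]))


def _line(ts, oprid, method, url, status=200):
    return f'{ts} {oprid} "{method} {url} HTTP/1.1" {status}'


AP_URL = "/psp/ps/EMPLOYEE/ERP/c/AP_VOUCHERS.VCHR_ENTRY.GBL"        # constructed names
ESS_URL = "/psp/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.PAYSLIP_VIEW.GBL"  # constructed names

# Constructed sample: normal AP activity, one self-service account reading and
# then posting to a Payables component, a malformed line, and a 25-request burst.
CONSTRUCTED_LOG = [
    _line("2025-10-22T09:00:01", "AP_CLERK1", "GET", AP_URL),
    _line("2025-10-22T09:00:05", "AP_CLERK1", "POST", AP_URL),
    _line("2025-10-22T09:01:10", "ESS_USER7", "GET", ESS_URL),
    _line("2025-10-22T09:02:00", "ESS_USER7", "GET", AP_URL),
    _line("2025-10-22T09:02:04", "ESS_USER7", "POST", AP_URL),
    "Oct 22 09:02:05 some unrelated syslog line",
] + [
    _line(f"2025-10-22T09:05:{i * 0.2:06.3f}", "ESS_USER7", "GET", AP_URL)
    for i in range(25)
]

if __name__ == "__main__":
    for finding in analyze(CONSTRUCTED_LOG):
        print(finding)
```

On the constructed sample it reports three findings: a burst from ESS_USER7, 26 unexpected reads of VCHR_ENTRY by the same account, and one unexpected write. The allowlist is the weak point of this approach; it should be generated from the PeopleSoft role and permission-list assignments so that the detector and the least-privilege review use the same source of truth.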
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: oracle
- Date Reserved: 2025-09-30T19:21:55.557Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f7e97101721c03c6f13ed9
Added to database: 10/21/2025, 8:13:37 PM
Last enriched: 10/28/2025, 10:02:44 PM
Last updated: 10/29/2025, 7:03:29 AM