CVE-2025-12486
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-06

Last updated on: 2025-11-12

Assigner: Zero Day Initiative

Description
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of the database event logs. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-24755.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-06
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12486
EUVD
EUVD-2025-38156
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
heimdall_data database_proxy 3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Heimdall Data Database Proxy allows remote attackers to execute arbitrary code by exploiting improper validation of user-supplied data in the handling of database event logs. It enables injection of malicious scripts, requiring minimal user interaction, and lets attackers act within the context of the targeted user.

Impact Analysis

The vulnerability can lead to remote code execution on affected systems, allowing attackers to take control, steal data, or disrupt services. Since it affects confidentiality, integrity, and availability, it poses a high risk to the security of the affected environment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12486. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart