CVE-2025-12454
Received Received - Intake
Reflected XSS in OpenText Vertica Management Console

Publication date: 2026-03-13

Last updated on: 2026-04-17

Assigner: OpenText

Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenTextβ„’ Vertica allows Reflected XSS.Β  The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12454
EUVD
EUVD-2025-208642
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opentext vertica From 10.0.0-0 (inc) to 25.2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a reflected cross-site scripting (XSS) issue in the OpenText Vertica management console application. It occurs due to improper neutralization of input during web page generation, allowing an attacker to inject malicious scripts that are reflected back to the user.

Impact Analysis

The vulnerability could allow an attacker to perform reflected XSS attacks, potentially leading to the execution of malicious scripts in the context of the affected application. This can result in unauthorized actions, theft of sensitive information, or session hijacking when users interact with the Vertica management console.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12454. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart