CVE-2025-12454 PUBLISHED

Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica.

Assigner: OpenText
Reserved: 28.10.2025 Published: 13.03.2026 Updated: 13.03.2026

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U
CVSS Score: 5.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	Low	Confidentiality	Low
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	Active

CVSS 4.0

Product Status

Vendor	OpenText™
Product	Vertica
Versions	Default: unaffected affected from 10.0 to 10.x (incl.) affected from 11.0 to 11.x (incl.) affected from 12.0 to 12.x (incl.) affected from 23.0 to 23.x (incl.) affected from 24.0 to 24.x (incl.) affected from 25.1.0 to 25.1.x (incl.)

Solutions

https://portal.microfocus.com/s/article/KM000045853?language=en_US

References

https://portal.microfocus.com/s/article/KM000045853?language=en_US

Problem Types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') CWE

Impacts

CAPEC-591 Reflected XSS