CVE-2025-12454

Name of the Vulnerable Software and Affected Versions OpenText Vertica versions 10.0 through 10.X OpenText Vertica versions 11.0 through 11.X OpenText Vertica versions 12.0 through 12.X OpenText Vertica versions 23.0 through 23.X OpenText Vertica versions 24.0 through 24.X OpenText Vertica versions 25.1.0 through 25.1.X

Description The software contains an improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) issue. This can result in a reflected XSS attack through the Vertica management console application. The issue involves the injection of malicious scripts into web pages, potentially allowing an attacker to execute arbitrary code or steal sensitive information from users interacting with the affected application.

Recommendations OpenText Vertica versions 10.0 through 10.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenText Vertica versions 11.0 through 11.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenText Vertica versions 12.0 through 12.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenText Vertica versions 23.0 through 23.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenText Vertica versions 24.0 through 24.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenText Vertica versions 25.1.0 through 25.1.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability.