CVE-2025-12455

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://portal.microfocus.com/s/article/KM000045854?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*

History

17 Apr 2026, 15:18

Type	Values Removed	Values Added
References	~~() https://portal.microfocus.com/s/article/KM000045854?language=en_US -~~	() https://portal.microfocus.com/s/article/KM000045854?language=en_US - Vendor Advisory
Summary		(es) Vulnerabilidad de discrepancia de respuesta observable en OpenText™ Vertica permite el forzado de contraseña por fuerza bruta. La vulnerabilidad podría conducir al forzado de contraseña por fuerza bruta en la aplicación de consola de gestión de Vertica. Este problema afecta a Vertica: desde 10.0 hasta 10.X, desde 11.0 hasta 11.X, desde 12.0 hasta 12.X.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:opentext:vertica::::::::
First Time		Opentext Opentext vertica

13 Mar 2026, 19:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-13 19:53

Updated : 2026-04-17 15:18

NVD link : CVE-2025-12455

Mitre link : CVE-2025-12455

CVE.ORG link : CVE-2025-12455

JSON object : View

Products Affected

opentext

vertica

CWE

CWE-204

Observable Response Discrepancy

{"id": "CVE-2025-12455", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 5.1, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-13T19:53:47.873", "references": [{"url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X."}, {"lang": "es", "value": "Vulnerabilidad de discrepancia de respuesta observable en OpenText\u2122 Vertica permite el forzado de contrase\u00f1a por fuerza bruta.\nLa vulnerabilidad podr\u00eda conducir al forzado de contrase\u00f1a por fuerza bruta en la aplicaci\u00f3n de consola de gesti\u00f3n de Vertica. Este problema afecta a Vertica: desde 10.0 hasta 10.X, desde 11.0 hasta 11.X, desde 12.0 hasta 12.X."}], "lastModified": "2026-04-17T15:18:57.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE167C3A-8090-4A7C-A725-3406D3CF1418", "versionEndIncluding": "12.0.4-34", "versionStartIncluding": "10.0.0-0"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}