Cyber Posture

CVE-2025-12455

High

Published: 13 March 2026

Modified: 17 April 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (14.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12455 is a high-severity Observable Response Discrepancy (CWE-204) vulnerability in OpenText Vertica. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Password Guessing (T1110.001). It ranks at the 14.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Password Guessing (T1110.001).

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-204

Fake or randomized responses remove distinguishable success/failure signals attackers rely on.

addresses: CWE-204

Eliminates distinguishable response discrepancies in error conditions that could be exploited for reconnaissance.

MITRE ATT&CK Enterprise Techniques (AI)

T1110.001 Password Guessing (Credential Access)
Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.

Why these techniques?

Observable response discrepancy directly enables efficient password guessing/brute force against the management console.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.

Deeper analysis (AI)

CVE-2025-12455 is an observable response discrepancy vulnerability in OpenText™ Vertica that allows password brute forcing. The issue affects the Vertica management console application in versions from 10.0 through 10.X, from 11.0 through 11.X, and from 12.0 through 12.X.

Unauthenticated remote attackers with network access can exploit this vulnerability due to low attack complexity and no requirement for privileges or user interaction. By observing discrepancies in server responses during authentication attempts, attackers can perform efficient brute force attacks against passwords for the management console, potentially obtaining valid credentials and achieving high confidentiality impact, as reflected in the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified under CWE-204.

Mitigation guidance is available in the vendor advisory at https://portal.microfocus.com/s/article/KM000045854?language=en_US.

Details

CWE(s)

Affected Products

opentext vertica, versions 10.0.0-0 through 12.0.4-34

CVEs Like This One

CVE-2025-23193 (Shared CWE-204)
CVE-2025-8054 (Same vendor: OpenText)
CVE-2026-3266 (Same vendor: OpenText)
CVE-2026-4113 (Shared CWE-204)
CVE-2026-33419 (Shared CWE-204)
