CVE-2025-12455
Published: 13 March 2026
Summary
CVE-2025-12455 is a medium-severity Observable Response Discrepancy (CWE-204) vulnerability in OpenText Vertica. Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Password Guessing (T1110.001). The CVE is ranked at the 15.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and IA-6 (Authentication Feedback).
Deeper analysis
CVE-2025-12455 is an observable response discrepancy vulnerability in OpenText™ Vertica that allows password brute forcing. The issue affects the Vertica management console application in versions from 10.0 through 10.X, from 11.0 through 11.X, and from 12.0 through 12.X.
Unauthenticated remote attackers with network access can exploit this vulnerability: attack complexity is low, and no privileges or user interaction are required. By observing discrepancies in server responses during authentication attempts, attackers can perform efficient brute force attacks against passwords for the management console, potentially obtaining valid credentials and achieving high confidentiality impact, as reflected in the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified under CWE-204.
Mitigation guidance is available in the vendor advisory at https://portal.microfocus.com/s/article/KM000045854?language=en_US.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208643
Vulnerability details
Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Observable response discrepancy directly enables efficient password guessing/brute force against the management console.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Obscures authentication feedback to prevent observable response discrepancies that enable efficient password brute forcing.
Limits consecutive unsuccessful logon attempts and enforces account lockouts or delays to thwart brute force attacks on the management console.
Remediates the specific observable response discrepancy flaw in affected Vertica versions through timely patching per vendor guidance.
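
One way to apply the authentication-feedback and unsuccessful-logon controls described above, as an added example that is not Vertica's code or code from this page: a login check that returns one identical response for every failure (unknown user, wrong password, locked account), does the same hashing work in each case, and locks an account after repeated failures. The `LoginGate` class, the thresholds and the in-memory user store are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # AC-7 threshold (assumed value)
LOCKOUT_SECONDS = 900   # AC-7 lockout period (assumed value)
FAILURE = (401, "Invalid username or password")  # one body for every failure


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGate:
    """Hypothetical login check; the user store is an in-memory sample."""

    def __init__(self, users, clock=time.monotonic):
        self._clock = clock
        self._users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, _kdf(password, salt))
        # Dummy record: an unknown username still costs one KDF run.
        self._dummy = (os.urandom(16), os.urandom(32))
        # name -> (consecutive failures, locked_until); a real service
        # would bound and expire this table.
        self._state = {}

    def login(self, name, password):
        now = self._clock()
        count, locked_until = self._state.get(name, (0, 0.0))
        salt, expected = self._users.get(name, self._dummy)
        # Always run the KDF and a constant-time compare, even when locked.
        match = hmac.compare_digest(_kdf(password, salt), expected)
        if now < locked_until:
            return FAILURE  # locked: same response as any other failure
        if match and name in self._users:
            self._state.pop(name, None)
            return (200, "OK")
        count += 1
        if count >= MAX_FAILURES:
            self._state[name] = (0, now + LOCKOUT_SECONDS)
        else:
            self._state[name] = (count, 0.0)
        return FAILURE
```

Because the locked-out response is identical to the generic failure, lockouts need to be surfaced to administrators through logging or alerting rather than through the login response.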