CVE-2025-12455 - Vulnerability Details - OpenCVE

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000045854?language=en_US

History

Fri, 13 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
Title		Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
Weaknesses		CWE-204
References		https://portal.microfocus.com/s/article/KM000045854?language=en_US
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2026-03-13T18:30:27.903Z

Updated: 2026-03-13T19:33:40.096Z

Reserved: 2025-10-28T21:28:44.651Z

Link: CVE-2025-12455

Vulnrichment

Updated: 2026-03-13T19:33:37.168Z

NVD

Status : Received

Published: 2026-03-13T19:53:47.873

Modified: 2026-03-13T19:53:47.873

Link: CVE-2025-12455

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12455", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2025-10-28T21:28:44.651Z", "datePublished": "2026-03-13T18:30:27.903Z", "dateUpdated": "2026-03-13T19:33:40.096Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-13T18:30:27.903Z"}, "title": "Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText\u2122 Vertica.", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-204", "description": "CWE-204 Observable response discrepancy", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Vertica", "versions": [{"status": "affected", "version": "10.0", "lessThanOrEqual": "10.x", "versionType": "custom"}, {"status": "affected", "version": "11.0", "lessThanOrEqual": "11.x", "versionType": "custom"}, {"status": "affected", "version": "12.0", "lessThanOrEqual": "12.x", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.  \nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.<p>This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.</p>"}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U"}}], "solutions": [{"lang": "en", "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US", "supportingMedia": [{"type": "text/html", "base64": false, "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:33:33.057816Z", "id": "CVE-2025-12455", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:33:40.096Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12455", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T19:33:33.057816Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:33:37.168Z"}}], "cna": {"title": "Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText\u2122 Vertica.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 5.1, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Vertica", "versions": [{"status": "affected", "version": "10.0", "versionType": "custom", "lessThanOrEqual": "10.x"}, {"status": "affected", "version": "11.0", "versionType": "custom", "lessThanOrEqual": "11.x"}, {"status": "affected", "version": "12.0", "versionType": "custom", "lessThanOrEqual": "12.x"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US", "supportingMedia": [{"type": "text/html", "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.", "supportingMedia": [{"type": "text/html", "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.  \nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.<p>This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-204", "description": "CWE-204 Observable response discrepancy"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-13T18:30:27.903Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12455", "state": "PUBLISHED", "dateUpdated": "2026-03-13T19:33:40.096Z", "dateReserved": "2025-10-28T21:28:44.651Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2026-03-13T18:30:27.903Z", "assignerShortName": "OpenText"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X."}], "id": "CVE-2025-12455", "lastModified": "2026-03-13T19:53:47.873", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2026-03-13T19:53:47.873", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "security@opentext.com", "type": "Primary"}]}