- Description: Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of the database event logs. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-24755.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- zdi-disclosures@trendmicro.com: CWE-79
- Hype score: Not currently trending
[ZDI-25-980|CVE-2025-12486] Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability (CVSS 8.8; Credit: Mehmet INCE (@mdisec) from https://t.co/6vDTqE88yh) https://t.co/nov5juS6jD
@TheZDIBugs
10 Nov 2025
[CVE-2025-12486: HIGH] Critical vulnerability found in Heimdall Data Database Proxy allows remote attackers to run code on affected systems by injecting malicious scripts in event logs. Exploit details by ZD...#cve,CVE-2025-12486,#cybersecurity https://t.co/X8diVqGWJL https://t.c
@CveFindCom
7 Nov 2025
CVE-2025-12486 Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte… https://t.co/0ykdPqLoFF
@CVEnew
6 Nov 2025
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability (CVE-2025-12486) #CVE202512486 #CyberSecurity #Heimdall #RemoteCodeExecutionVulnerability https://t.co/uoKvmRRYR9 https://t.co/O5ALcJzKVF
@SystemTek_UK
3 Nov 2025