AI description
CVE-2025-12486 is a vulnerability affecting Heimdall Data Database Proxy. It is a Cross-Site Scripting Remote Code Execution vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary code on installations of Heimdall Data Database Proxy. The vulnerability exists within the handling of database event logs due to the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. Exploitation requires minimal user interaction. An attacker can leverage this vulnerability to interact with the application in the context of the target user.
- Description: Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of the database event logs. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-24755.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- zdi-disclosures@trendmicro.com: CWE-79
[ZDI-25-980|CVE-2025-12486] Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability (CVSS 8.8; Credit: Mehmet INCE (@mdisec) from https://t.co/6vDTqE88yh) https://t.co/nov5juS6jD
@TheZDIBugs
10 Nov 2025
[CVE-2025-12486: HIGH] Critical vulnerability found in Heimdall Data Database Proxy allows remote attackers to run code on affected systems by injecting malicious scripts in event logs. Exploit details by ZD...#cve,CVE-2025-12486,#cybersecurity https://t.co/X8diVqGWJL https://t.c
@CveFindCom
7 Nov 2025
CVE-2025-12486 Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte… https://t.co/0ykdPqLoFF
@CVEnew
6 Nov 2025
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability (CVE-2025-12486) #CVE202512486 #CyberSecurity #Heimdall #RemoteCodeExecutionVulnerability https://t.co/uoKvmRRYR9 https://t.co/O5ALcJzKVF
@SystemTek_UK
3 Nov 2025