CVE-2025-12486
NONE EPSS 31.5%
Published Nov 6, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago
Description
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of the database event logs. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-24755.
Threat Intelligence
EPSS Exploit Probability
31.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
References 1
- zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-980/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.