Cross-Site Scripting Vulnerability in Heimdall Data Database Proxy
CVE-2025-12486

8.8 HIGH

Key Information:

Vendor
CVE Published: 6 November 2025

What is CVE-2025-12486?

Heimdall Data Database Proxy contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code. The issue arises from improper validation of user-supplied data in the database event logs, which lets attackers inject malicious scripts. Exploitation requires minimal user interaction and lets attackers compromise applications in the context of the targeted user.

Affected Version(s)

Database Proxy 23.11.06.1

CVSS V3.0

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
