CVE-2025-26398

Published: Aug 12, 2025Modified: Nov 17, 2025

6.4

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: NVD

Description

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Affected (1)

Products: Solarwinds: Database Performance Analyzer

1 product

Database Performance Analyzer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Database Performance Analyzer	Before 2025.3

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398

Source: psirt@solarwinds.com

PatchVendor Advisory

Timeline

No history available yet.