TROYANOSYVIRUS
Volver a CVEs

CVE-2025-26398

MEDIUM
5.6

Descripcion

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Detalles CVE

Puntuacion CVSS v3.15.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado8/12/2025
Ultima modificacion11/17/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

solarwinds:database_performance_analyzer

Debilidades (CWE)

CWE-798

Referencias

https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htm(psirt@solarwinds.com)
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398(psirt@solarwinds.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.