TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-26398

MEDIUM
5.6

Beschreibung

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

CVE Details

CVSS v3.1 Bewertung5.6
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht8/12/2025
Zuletzt geandert11/17/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

solarwinds:database_performance_analyzer

Schwachen (CWE)

CWE-798

Referenzen

https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htm(psirt@solarwinds.com)
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398(psirt@solarwinds.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.