216.73.217.50

CVE-2025-26398

· Published 12/08/2025 08:15 · Modified 12/08/2025 14:25

Labels: CVE-2025-26398 2025-08-12CVE-2025-26398CWE-798[email protected]

Essential information

Published
12/08/2025 08:15
Modified
12/08/2025 14:25
Author
Creator
CVSS
5.6 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CVSS metrics

Description

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
solarwinds / database performance analyzer cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*

References