SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

(CVE-2025-26398)

Summary

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Affected Products

SolarWinds Database Performance Analyzer 2025.2 and previous versions

Fixed Software Release

SolarWinds Database Performance Analyzer 2025.3

Advisory Detail

Severity

5.6 Medium

Advisory ID

CVE-2025-26398

First Published

08/12/2025

Fixed Version

SolarWinds Database Performance Analyzer 2025.3

CVSS Score

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N