SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability (CVE-2025-26398)

Summary

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Affected Products

SolarWinds Database Performance Analyzer 2025.2 and previous versions

Fixed Software Release

SolarWinds Database Performance Analyzer 2025.3

Advisory Detail
Severity
Medium
Advisory ID

CVE-2025-26398

First Published
08/12/2025
Fixed Version

SolarWinds Database Performance Analyzer 2025.3

CVSS Score

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Download PDF
Send an Email