CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.0%

CVSS Severity

CVSS v3 Score 5.6

References

Products affected by CVE-2025-26398

Solarwinds » Database Performance Analyzer » Version: 11.1.457

cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457
Solarwinds » Database Performance Analyzer » Version: 11.1.468

cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.468
Solarwinds » Database Performance Analyzer » Version: 12.0.3074

cpe:2.3:a:solarwinds:database_performance_analyzer:12.0.3074
Solarwinds » Database Performance Analyzer » Version: 2021.3.7388

cpe:2.3:a:solarwinds:database_performance_analyzer:2021.3.7388
Solarwinds » Database Performance Analyzer » Version: 2021.3.7438

cpe:2.3:a:solarwinds:database_performance_analyzer:2021.3.7438
Solarwinds » Database Performance Analyzer » Version: 2023.2.100

cpe:2.3:a:solarwinds:database_performance_analyzer:2023.2.100

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26398

Products

Pricing

Contact Us