cbcvebase.
CVE-2025-26398
published 2025-08-12

CVE-2025-26398: SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a…

PriorityP428medium6.4CVSS 3.1
AVLACHPRHUINSUCHIHAH
EPSS
0.17%
6.5th percentile
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Affected

2 ranges
VendorProductVersion rangeFixed in
solarwindsdatabase_performance_analyzer< 2025.32025.3
solarwindsdatabase_performance_analyzer
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.