CVE-2025-26398

MEDIUM 5.6

SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

CVSS Score

5.6

EPSS Score

0.0%

EPSS Percentile

0th

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

CWE	CWE-798
Vendor	solarwinds
Product	database performance analyzer
Published	Aug 12, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for solarwinds database performance analyzer

Be the first to know when new medium vulnerabilities affecting solarwinds database performance analyzer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

SolarWinds / Database Performance Analyzer

2025.2 and below

References

NVD ↗ CVE.org ↗ EPSS Data ↗

solarwinds.com: https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398 documentation.solarwinds.com: https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htm