{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:32:03.303","vulnerabilities":[{"cve":{"id":"CVE-2025-26398","sourceIdentifier":"psirt@solarwinds.com","published":"2025-08-12T08:15:26.193","lastModified":"2025-11-17T16:10:05.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host."},{"lang":"es","value":"Se descubrió que SolarWinds Database Performance Analyzer contenía una clave criptográfica codificada. Si se explota, esta vulnerabilidad podría provocar un ataque de máquina en el medio (MITM) contra los usuarios. Esta vulnerabilidad requiere software adicional no instalado por defecto, acceso local al servidor y privilegios de administrador en el host."}],"metrics":{"cvssMetricV31":[{"source":"psirt@solarwinds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.3,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@solarwinds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.3","matchCriteriaId":"7E94BDA9-997F-434F-AE62-D9CED8BDB2CF"}]}]}],"references":[{"url":"https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htm","source":"psirt@solarwinds.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398","source":"psirt@solarwinds.com","tags":["Patch","Vendor Advisory"]}]}}]}