CVE-2025-26398

5.6 MEDIUM

📋 TL;DR

SolarWinds Database Performance Analyzer (DPA) contains a hard-coded cryptographic key that could enable a machine-in-the-middle (MitM) attack if exploited. This affects organizations running vulnerable versions of DPA. Exploitation requires local access to the DPA server with administrator privileges plus additional software that is not installed by default.
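The TL;DR describes a hard-coded key (CWE-321) turning into a MitM risk. The following is an added illustration of that mechanism, not SolarWinds code and not DPA's actual protocol: two components protect a channel with a shared symmetric key. When the same key is compiled into every copy of the software, an attacker who has extracted it from one install can decrypt, alter and re-seal traffic on any other install; a key generated per deployment and kept outside the binary defeats that. The cipher here is a constructed encrypt-then-MAC scheme built from HMAC-SHA256 so it runs with the standard library only; `HARDCODED_KEY` is a made-up constant standing in for a baked-in key.

```python
import hashlib
import hmac
import secrets

# Constructed constant standing in for a key shipped inside every install.
HARDCODED_KEY = b"dpa-demo-hardcoded-key-0123456789ab"


def _keystream(enc_key: bytes, nonce: bytes, length: bytes) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in stream cipher for the demo."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the shared key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; reject anything not sealed under this key."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def mitm(attacker_key: bytes, blob: bytes, replacement: bytes):
    """What an on-path attacker can do with a key they already hold:
    read the message and substitute their own, validly tagged, message."""
    observed = unseal(attacker_key, blob)
    forged = seal(attacker_key, replacement)
    return observed, forged


def demo_hardcoded_key():
    """Every install shares HARDCODED_KEY, so a key pulled from one box
    works against traffic on any other box: the receiver accepts the forgery."""
    wire = seal(HARDCODED_KEY, b"SELECT name FROM monitored_db")
    observed, forged = mitm(HARDCODED_KEY, wire, b"SELECT password FROM users")
    accepted = unseal(HARDCODED_KEY, forged)
    return observed, accepted


def demo_per_install_key():
    """A key generated at deployment is unknown to the attacker: the channel
    stays opaque and a forgery sealed under HARDCODED_KEY is rejected."""
    install_key = secrets.token_bytes(32)
    wire = seal(install_key, b"SELECT name FROM monitored_db")
    try:
        unseal(HARDCODED_KEY, wire)          # attacker cannot read it
        readable = True
    except ValueError:
        readable = False
    forged = seal(HARDCODED_KEY, b"SELECT password FROM users")
    try:
        unseal(install_key, forged)          # receiver rejects the forgery
        forgery_accepted = True
    except ValueError:
        forgery_accepted = False
    return readable, forgery_accepted


if __name__ == "__main__":
    print(demo_hardcoded_key())     # attacker reads and replaces the query
    print(demo_per_install_key())   # (False, False)
```

The point of the two demos is the threat model the advisory spells out: the attacker is assumed to already have the key material (here, local admin access to a host where it is stored), so confidentiality and integrity of the channel collapse to whether that key is unique to the deployment.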

💻 Affected Systems

Products:
  • SolarWinds Database Performance Analyzer
Versions: prior to 2025.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The hard-coded key is present in a default installation. Exploiting it additionally requires local administrator access to the DPA server and software that is not installed by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers with local admin access could intercept and manipulate encrypted communications between DPA components, potentially leading to data theft, credential compromise, or further system compromise.

🟠 Likely Case

Limited impact due to the multiple required conditions (local admin access plus additional software). The most probable scenario involves insiders or attackers who have already compromised the host.

🟢 If Mitigated

With proper access controls and monitoring, impact is minimal, since exploitation requires significant pre-existing access.

🌐 Internet-Facing: LOW - Exploitation requires local access to the server, not remote network access.
🏢 Internal Only: MEDIUM - Requires local admin access, which reduces attack surface but still poses risk from insiders or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires: 1) local access to the server, 2) administrator privileges, and 3) additional software that is not installed by default. Together these significantly reduce practical exploitability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.3 or later

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398

Restart Required: No

Instructions:

1. Download SolarWinds DPA 2025.3 or later from the SolarWinds customer portal.
2. Follow the standard upgrade procedure in the SolarWinds documentation.
3. Verify the upgrade succeeded and DPA is functioning.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all platforms)

Limit local administrative access to DPA servers to only the personnel who need it.

Monitor Administrative Activity (applies to: all platforms)

Implement logging and monitoring of local administrative actions on DPA servers.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local administrative access to DPA servers
  • Monitor for unusual administrative activity or attempts to install additional software on DPA servers

🔍 How to Verify

Check if Vulnerable:

Check DPA version in web interface or via 'About' section. Versions below 2025.3 are vulnerable.

Check Version:

Check DPA web interface -> Help -> About, or consult SolarWinds documentation for CLI version check

Verify Fix Applied:

Verify DPA version is 2025.3 or later in the web interface or About section.

📡 Detection & Monitoring

Log Indicators:

  • Unusual local administrative logins to DPA servers
  • Installation of unauthorized software on DPA servers

Network Indicators:

  • Unexpected network traffic patterns from DPA servers

SIEM Query:

source="DPA_SERVER" AND (event_type="admin_login" OR process="software_install")

The field names above are illustrative; map source, event_type and process to the schema of your actual log source (for example, Windows Security event IDs 4624 for logons and 4688 for process creation).
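The SIEM query above is schema-agnostic, so here is the same logic as runnable detection code, added as an example and not part of the original page or of any SolarWinds tooling. It scans constructed Windows Security events (4624 logons, 4688 process creations) from a hypothetical DPA host `dpa-srv01`, flags installer executions on that host, and raises severity when an interactive or RDP admin logon preceded the install within a 30-minute window, which is the attacker precondition the advisory describes. The host name, user names and the installer list are assumptions to adapt to your environment.

```python
import json
from datetime import datetime, timedelta

# Assumptions: the DPA host names and which binaries count as "installing software".
DPA_HOSTS = {"dpa-srv01"}
INSTALLER_PROCESSES = {"msiexec.exe", "setup.exe", "choco.exe", "dpkg", "rpm", "apt", "yum"}
INTERACTIVE_LOGON_TYPES = {"2", "10"}   # 2 = console, 10 = RemoteInteractive (RDP)

# Constructed sample events in a flattened JSON-lines shape; not real logs.
SAMPLE_EVENTS = """
{"ts":"2025-05-01T09:00:00Z","host":"dpa-srv01","EventID":4624,"LogonType":"10","TargetUserName":"dba-admin"}
{"ts":"2025-05-01T09:05:00Z","host":"dpa-srv01","EventID":4688,"SubjectUserName":"dba-admin","NewProcessName":"C:\\\\Windows\\\\System32\\\\msiexec.exe","CommandLine":"msiexec /i C:\\\\Temp\\\\tool.msi /qn"}
{"ts":"2025-05-01T09:06:00Z","host":"dpa-srv01","EventID":4688,"SubjectUserName":"dba-admin","NewProcessName":"C:\\\\Windows\\\\System32\\\\notepad.exe","CommandLine":"notepad.exe"}
{"ts":"2025-05-01T11:00:00Z","host":"web-01","EventID":4624,"LogonType":"10","TargetUserName":"webadmin"}
{"ts":"2025-05-01T12:00:00Z","host":"dpa-srv01","EventID":4624,"LogonType":"3","TargetUserName":"svc-monitor"}
{"ts":"2025-05-01T12:30:00Z","host":"dpa-srv01","EventID":4688,"SubjectUserName":"svc-deploy","NewProcessName":"C:\\\\Temp\\\\setup.exe","CommandLine":"setup.exe /S"}
"""


def load_events(jsonl: str) -> list:
    """Parse JSON-lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]


def _ts(event: dict) -> datetime:
    return datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")


def interactive_logons(events: list) -> list:
    """4624 console/RDP logons on a DPA host (network logons are excluded)."""
    return [e for e in events
            if e["host"] in DPA_HOSTS and e["EventID"] == 4624
            and e.get("LogonType") in INTERACTIVE_LOGON_TYPES]


def installer_runs(events: list) -> list:
    """4688 process creations on a DPA host whose image is a known installer."""
    runs = []
    for e in events:
        if e["host"] in DPA_HOSTS and e["EventID"] == 4688:
            image = e["NewProcessName"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            if image in INSTALLER_PROCESSES:
                runs.append(e)
    return runs


def correlate(events: list, window: timedelta = timedelta(minutes=30)) -> list:
    """One alert per installer run; 'high' if an interactive logon on the same
    host preceded it inside the window, otherwise 'medium'."""
    logons = interactive_logons(events)
    alerts = []
    for run in installer_runs(events):
        prior = [l for l in logons
                 if l["host"] == run["host"]
                 and timedelta(0) <= _ts(run) - _ts(l) <= window]
        alerts.append({
            "host": run["host"],
            "time": run["ts"],
            "user": run.get("SubjectUserName"),
            "command": run.get("CommandLine"),
            "preceded_by_logon": [l["TargetUserName"] for l in prior],
            "severity": "high" if prior else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(load_events(SAMPLE_EVENTS)):
        print(json.dumps(alert))
```

Running it on the constructed sample yields two alerts: the msiexec run five minutes after dba-admin's RDP logon (high) and the unattended setup.exe run by svc-deploy with no interactive logon in the window (medium). Tune the window and installer list to your host's normal change activity before deploying the rule.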
