CVE-2025-26701
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Percona | Monitoring and Management | 2.38 < 2.42.0-1.ova | affected |
| Percona | Monitoring and Management | 2.43.0 < 2.43.0-1.ova | affected |
| Percona | Monitoring and Management | 2.43.1 < 2.43.1-1.ova | affected |
| Percona | Monitoring and Management | 2.43.2 < 2.43.2-1.ova | affected |
| Percona | Monitoring and Management | 2.44.0 < 2.44.0-1.ova | affected |
| Percona | Monitoring and Management | 3.0.0 < 3.0.0-1.ova | affected |
Weaknesses
- CWE-1393: CWE-1393 Use of Default Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.