CVE-2025-26701

Severity: CRITICAL, CVSS 3.1 base score 10.0
Published: 2025-03-11 ([email protected])

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

CVE Published: Mar 11, 2025 - 18:15 (nvd)
Analysis Generated: Mar 12, 2026 - 19:52 (vuln.today)

Description

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.

Analysis

Percona PMM Server OVA images ship with a service account whose credentials are fixed when the image is built. Anyone who can reach the appliance's SSH port can log in with those credentials and use sudo to become root, which exposes everything on the server: the monitoring data and the credentials PMM holds for the databases it monitors. The CVSS scope is Changed because the damage is not confined to the vulnerable component (the appliance's login path): root on the monitoring server reaches every system it monitors.

Technical Context

The OVA image includes a service account with hardcoded default credentials (CWE-1393, Use of Default Password). An attacker who finds an exposed PMM Server needs no prior access and no user interaction: SSH in with the default credentials, then sudo to root. Because PMM Server stores the connection credentials it uses for every monitored database, the appliance becomes a pivot point into the whole database fleet, and any secret it held has to be treated as compromised once it has been reached this way.
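Detection logic for the chain described above (password SSH login from an untrusted address, then sudo to root by the same user), run over sample auth log lines. This is an added example, not code from vuln.today or Percona; the account name svcuser, the host name, the addresses and the log lines are constructed, and the trusted network is a parameter you supply.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample auth log in syslog format. "svcuser" is a hypothetical
# account name, not the real OVA account; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar 11 18:20:01 pmm-server sshd[1201]: Accepted password for svcuser from 203.0.113.7 port 51522 ssh2
Mar 11 18:20:02 pmm-server sshd[1201]: pam_unix(sshd:session): session opened for user svcuser by (uid=0)
Mar 11 18:20:30 pmm-server sudo:  svcuser : TTY=pts/0 ; PWD=/home/svcuser ; USER=root ; COMMAND=/bin/bash
Mar 11 18:25:00 pmm-server sshd[1300]: Accepted publickey for admin from 10.0.0.5 port 40000 ssh2
Mar 11 18:26:00 pmm-server sudo:    admin : TTY=pts/1 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
Mar 11 18:40:00 pmm-server sshd[1410]: Accepted password for svcuser from 10.0.0.9 port 50001 ssh2
Mar 11 18:41:00 pmm-server sudo:  svcuser : TTY=pts/2 ; PWD=/home/svcuser ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})"
SSH_RE = re.compile(
    TS + r" \S+ sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)
SUDO_RE = re.compile(
    TS + r" \S+ sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)


def parse_ts(ts, year):
    # syslog timestamps carry no year, so the caller supplies it
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_default_cred_pivots(log_text, trusted_nets, year=2025,
                             window=timedelta(minutes=10)):
    """Return one alert per sudo-to-root that follows, within `window`, a
    password-based SSH login by the same user from outside `trusted_nets`."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    suspicious_logins = []  # (time, user, source ip)
    alerts = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            if m["method"] != "password":
                continue  # key-based logins are not this CVE's vector
            src = ipaddress.ip_address(m["ip"])
            if any(src in net for net in trusted):
                continue  # admin jump hosts and the like
            suspicious_logins.append((parse_ts(m["ts"], year), m["user"], m["ip"]))
            continue
        m = SUDO_RE.match(line)
        if not m or m["target"] != "root":
            continue
        t = parse_ts(m["ts"], year)
        for login_time, user, ip in suspicious_logins:
            if user == m["user"] and timedelta(0) <= t - login_time <= window:
                alerts.append({"time": t.isoformat(), "user": user,
                               "source": ip, "command": m["cmd"]})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_default_cred_pivots(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(alert)
```

On the sample, only the 18:20 session fires: the admin login is key-based, and the second svcuser login comes from the trusted range. Feed it a real `/var/log/secure` or journal export and widen the window if your environment expects slower hands-on sessions.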

Affected Products

Percona PMM Server OVA images: PMM2 before 2.42.0-1.ova and PMM3 before 3.0.0-1.ova. Note the -1 suffix: the fix is in the re-issued OVA builds listed in the description (2.42.0-1, 2.43.0-1, 2.43.1-1, 2.43.2-1, 2.44.0-1 and 3.0.0-1 onward), not in the PMM version number alone.

Remediation

Redeploy from a fixed OVA build: PMM2 2.42.0-1.ova or a later -1 build, or PMM3 3.0.0-1.ova or later. If the appliance was deployed from an older image, change the service account's password (or lock the account and move to key-based SSH) immediately; the weakness is in the image's OS-level account, so verify the account itself rather than assuming a package upgrade reset it. Never expose PMM Server, and in particular its SSH port, to the internet. If exposure is suspected, treat the appliance as compromised: rotate every monitored database credential PMM holds and review the host for persistence before putting it back into service.
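The check behind the remediation steps above, written against copies of /etc/passwd, /etc/shadow, /etc/group, the sudoers file and sshd_config pulled from the appliance: which accounts can still log in with a password and reach root, and whether sshd still accepts passwords at all. This is an added example, not Percona tooling; the account names, hashes and configuration lines below are constructed, and sudoers drop-in directories and sshd Match blocks are not followed.

```python
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample files; "svcuser" is a hypothetical account, not the real one.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svcuser:x:1000:1000::/home/svcuser:/bin/bash
pmm:x:1001:1001::/var/lib/pmm:/sbin/nologin
admin:x:1002:1002::/home/admin:/bin/bash
"""
SAMPLE_SHADOW = """\
root:!:19700:0:99999:7:::
svcuser:$6$saltsalt$notarealhash:19700:0:99999:7:::
pmm:!!:19700:0:99999:7:::
admin:!:19800:0:99999:7:::
"""
SAMPLE_GROUP = "wheel:x:10:admin\nsvcuser:x:1000:\n"
SAMPLE_SUDOERS = """\
Defaults env_reset
root ALL=(ALL) ALL
svcuser ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) ALL
"""
SAMPLE_SSHD = "Port 22\nPasswordAuthentication yes\nPermitRootLogin prohibit-password\n"


def _lines(text):
    """Yield non-empty lines with '#' comments removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def parse_passwd(text):
    """user -> login shell"""
    return {f[0]: f[6] for f in (l.split(":") for l in _lines(text)) if len(f) >= 7}


def parse_shadow(text):
    """user -> True when a usable password hash is set (not locked or empty)"""
    out = {}
    for f in (l.split(":") for l in _lines(text)):
        h = f[1] if len(f) > 1 else ""
        out[f[0]] = bool(h) and not h.startswith(("!", "*"))
    return out


def parse_groups(text):
    """group -> set of supplementary members (primary-group membership ignored)"""
    return {f[0]: {m for m in f[3].split(",") if m}
            for f in (l.split(":") for l in _lines(text)) if len(f) >= 4}


def parse_sudoers(text):
    """principal ('user' or '%group') -> True if any of its rules is NOPASSWD"""
    rules = {}
    for line in _lines(text):
        if line.startswith(("Defaults", "Cmnd_Alias", "User_Alias",
                            "Host_Alias", "Runas_Alias", "@")):
            continue
        principal = line.split()[0]
        rules[principal] = rules.get(principal, False) or ("NOPASSWD" in line)
    return rules


def find_risky_accounts(passwd, shadow, group, sudoers):
    """Accounts with a set password, an interactive shell and a sudo rule:
    the profile of the default OVA service account."""
    shells, pw_set = parse_passwd(passwd), parse_shadow(shadow)
    groups, rules = parse_groups(group), parse_sudoers(sudoers)
    risky = []
    for user, shell in shells.items():
        if shell in NOLOGIN_SHELLS or not pw_set.get(user, False):
            continue  # locked or key-only accounts are outside this CVE's vector
        sudo_via, nopasswd = None, False
        if user in rules:
            sudo_via, nopasswd = user, rules[user]
        else:
            for g, members in groups.items():
                if user in members and f"%{g}" in rules:
                    sudo_via, nopasswd = f"%{g}", rules[f"%{g}"]
                    break
        if sudo_via:
            risky.append({"user": user, "shell": shell,
                          "sudo_via": sudo_via, "nopasswd": nopasswd})
    return risky


def audit_sshd(text):
    """Findings for settings that keep password-based SSH logins possible."""
    settings = {}
    for line in _lines(text):
        key, _, val = line.partition(" ")
        settings[key.lower()] = val.strip().lower()
    findings = []
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is enabled")
    if settings.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin allows password login")
    return findings


if __name__ == "__main__":
    print(find_risky_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_GROUP, SAMPLE_SUDOERS))
    print(audit_sshd(SAMPLE_SSHD))
```

On the sample only svcuser is flagged (password set, bash, passwordless sudo); root and admin have locked passwords and pmm has no shell. Locking the account (`passwd -l`) or setting `PasswordAuthentication no` clears the corresponding finding, which makes the script a quick before/after check when working through an older appliance.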

Priority Score

50 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.1, CVSS +50, POC 0
