Skip to main content

SSH CVE-2025-26701

CRITICAL
Use of Default Password (CWE-1393)
2025-03-11 cve@mitre.org
Authentication Bypass Privilege Escalation Information Disclosure SSH
10.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
CVE Published
Mar 11, 2025 - 18:15 nvd
CRITICAL 10.0

DescriptionNVD

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.

AnalysisAI

Percona PMM Server OVA images ship with default service account credentials that grant SSH access and sudo to root, exposing all monitoring data and managed database credentials. The scope change reflects that compromising the monitoring server gives access to all monitored infrastructure.

Technical ContextAI

The OVA image includes a service account with hardcoded default credentials (CWE-1393). An attacker who discovers an exposed PMM Server can SSH in with default credentials and immediately sudo to root. Since PMM stores credentials for all monitored databases, this is a pivot point to the entire database fleet.

Affected ProductsAI

Percona PMM Server OVA before PMM2 2.42.0-1.ova and PMM3 3.0.0-1.ova

RemediationAI

Upgrade to PMM2 >= 2.42.0 or PMM3 >= 3.0.0. Change all default credentials immediately. Never expose PMM Server to the internet. Rotate all monitored database credentials if exposure is suspected.

Share

CVE-2025-26701 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy