Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords.
This issue affects Avantra: before 25.3.0.
AnalysisAI
Default credential exposure in syslink software AG Avantra (all versions before 25.3.0) on Linux and Windows allows a local attacker with high-privilege access to authenticate using known default passwords, achieving high confidentiality impact against monitoring data and infrastructure configurations managed by the platform. Reported by NCSC.ch and addressed in version 25.3.0, this CWE-1393 flaw represents an insider threat or post-compromise lateral movement risk for organizations running Avantra in SAP and IT operations environments. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Technical ContextAI
Avantra is an IT infrastructure and SAP systems monitoring platform developed by syslink software AG, deployed on Linux and Windows hosts. The root cause is CWE-1393 (Use of Default Credentials): the software ships with hardcoded or well-known default passwords that are not enforced to change during installation or initial setup, providing a predictable authentication pathway to any party aware of the defaults. The full CPE string cpe:2.3:a:syslink_software_ag:avantra:*:*:*:*:*:*:*:* covers all Avantra versions across all configurations on both supported platforms. The CVSS vector AV:L/AC:L/PR:H/UI:N reflects that exploitation occurs locally with low complexity once an attacker is already operating at high-privilege on the host - consistent with scenarios where default credentials are used to access an application layer running atop an already-compromised or insider-accessible system. The 'Microsoft' tag in the source metadata may indicate relevance to Windows Active Directory-integrated deployments or Windows-specific Avantra configurations.
RemediationAI
The primary fix is upgrading Avantra to version 25.3.0 or later, as confirmed by the description ('before 25.3.0') and the vendor advisory at https://support.avantra.com/hc/en-us/articles/5535551609759. For organizations unable to upgrade immediately, all default credentials within the Avantra application must be changed at once - administrators should audit every Avantra account for unchanged default or weak passwords and enforce strong, unique credentials; this directly eliminates the exploitable condition with no functional trade-off. Additionally, restrict local and administrative access to Avantra host systems to only authorized, named personnel to reduce the pool of users who could attempt default credential use. Review Avantra authentication logs for any historical login attempts using known default credential patterns to assess prior exposure. Implementing least-privilege access on the host OS for Avantra service accounts on both Linux and Windows further reduces blast radius if default credentials are discovered.
Same weakness CWE-1393 – Use of Default Password
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31437
GHSA-hhj7-5v62-787q