AI description
CVE-2025-26701 is a security vulnerability found in Percona Monitoring and Management (PMM) Open Virtual Appliance (OVA) installations, specifically versions 2.38 and above, and before version 3.0.0-1. This vulnerability does not affect Docker or Amazon Machine Images (AMIs). The vulnerability stems from default service account credentials in the OVA provisioning, which can lead to unauthorized SSH access, privilege escalation to root via sudo capabilities, and potential exposure of service credentials and configurations. Successful exploitation could allow an attacker to gain unauthorized root access to database environments.
- Description: An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org: CWE-1393
- Hype score: Not currently trending
[Link roundup: security news and articles for March 14-17] <Vulnerabilities> ・Cisco IOS XR vulnerability allows a router's BGP to be crashed (CVE-2025-20115) https://t.co/vXVVKeKZSj ・CVE-2025-26701 (CVSS 10): Users of Percona's PMM OVA exposed to the risk of unauthorized access… https://t.co/4e7jQlMYJa
@MachinaRecord
17 Mar 2025
🚨Alert🚨 CVE-2025-26701 (CVSS 10): Percona PMM OVA Users at Risk of Unauthorized Access 📊 14K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/m95GyTvw1F 👇Query HUNTER : https://t.co/q9rtuGgxk7="Percona PMM" 📰Refer:https://t.co/cJc57qkaJQ…
@HunterMapping
17 Mar 2025
CVE-2025-26701 (CVSS 10): Percona PMM OVA Users at Risk of Unauthorized Access Learn about CVE-2025-26701, a critical security vulnerability in PMM that allows unauthorized root access to database environments. https://t.co/YFStJhiNCT
@the_yellow_fall
15 Mar 2025
🚨 CVE-2025-26701 ⚠️🔴 CRITICAL (10) 🏢 Percona - Monitoring and Management 🏗️ 2.38 🔗 https://t.co/eq4GBpBChT #CyberCron #VulnAlert #InfoSec https://t.co/IthR3jM8ud
@cybercronai
13 Mar 2025
CVE-2025-26701 An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensi… https://t.co/lMyuWFYY4K
@CVEnew
11 Mar 2025