Vulnerability in Percona Monitoring And Management
CVE-2025-26701
An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.4…
EPSS: 0.002 (38.4th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Percona Monitoring And Management — versions 2.38, 2.43.0, 2.43.1
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2025-26701?
- CVE-2025-26701 is a critical-severity vulnerability in Percona Monitoring And Management, classified under CWE-1393. CVSS score: 10.0/10. Published 2025-03-11.
- How severe is CVE-2025-26701?
- Critical severity. CVSS v3 base score is 10.0 out of 10.