CVE-2025-26701

CRITICAL Year: 2025
CVSS v3 Score
10.0
Critical
Weakness Type
CWE-1393
View all →

Vulnerability Description

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.

Related Vulnerabilities

CVE-2022-4126

CRITICAL
CVSS:9.8(Critical)

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.

CWE-13932022

CVE-2023-25131

CRITICAL
CVSS:9.8(Critical)

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remot...

CWE-13932023

CVE-2023-28094

CRITICAL
CVSS:9.8(Critical)

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.

CWE-13932023

CVE-2023-32090

CRITICAL
CVSS:9.8(Critical)

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials

CWE-13932023

CVE-2023-45249

CRITICAL
CVSS:9.8(Critical)

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build...

CWE-13932023

CVE-2024-29666

CRITICAL
CVSS:9.8(Critical)

Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.

CWE-13932024