CVE-2026-25202

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MagicINFO 9 Server versions prior to 21.1090.1

Description The database account and password are hardcoded, which allows login with the account to manipulate the database. This compromises the integrity and confidentiality of the database.

Recommendations Update MagicINFO 9 Server to version 21.1090.1 or later.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2026-01068

CVE-2026-25202

Affected Products

Magicinfo 9 Server

CVE-2026-25202

Weakness Enumeration

Related Identifiers

Affected Products

References · 14