Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
PostgreSQL and Admin Credentials Exposed When SOCKS Proxy is Enabled
CVE-2025-13957
Summary
When SOCKS Proxy is enabled, sensitive admin and PostgreSQL database credentials are left exposed, potentially allowing unauthorized access and data theft. This is a significant risk, especially if an attacker gains access to a system with these credentials. To mitigate this, ensure SOCKS Proxy is disabled unless necessary for your specific use case.
Original title
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreS...
Original description
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
nvd CVSS4.0
7.5
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026