CVE-2025-6942

Published: Jul 2, 2025Modified: Jul 3, 2025

3.8

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Exploitability: 0.3 / Impact: 3.4

Source: 1443cd92-d354-46d2-9290-d812316ca43a (Secondary)

Description

The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024

Source: 1443cd92-d354-46d2-9290-d812316ca43a

https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm

Source: 1443cd92-d354-46d2-9290-d812316ca43a

https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm

Source: 1443cd92-d354-46d2-9290-d812316ca43a

https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9

Source: 1443cd92-d354-46d2-9290-d812316ca43a

Timeline

No history available yet.