CVE-2025-12810

EUVD-2025-206382

27.01.2026, 20:16

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25.

A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password.

Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
delinea	secret_server	11.8.000001
delinea	secret_server	11.9.000006
delinea	secret_server	11.9.000025

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-9-000047.htm

https://trust.delinea.com/?tcuUid=48260de9-954d-45c2-9c66-2c9510798a0b

https://trust.delinea.com/