CVE-2025-6942

The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
DelineaCNA
3.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024
https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm
https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm
https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9