Impersonation Vulnerability in Secret Server by Delinea's Distributed Engine
CVE-2025-6942

3.8LOW

Key Information:

Vendor

Delinea

Status
Secret Server
Vendor
CVE Published:
2 July 2025

What is CVE-2025-6942?

An exploitation risk exists within the distributed engine of Secret Server, specifically in versions 11.7.49 and earlier. During the initial authorization process, an attacker may gain the ability to impersonate another distributed engine, compromising the integrity of the system. This vulnerability highlights the need for users to assess their configurations and updates to prevent unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Secret Server 0 <= 11.7.49

Secret Server 0 <= 11.7.49

Secret Server 0 <= 8.4.39.0

References

https://docs.delinea.com/online-help/secret-server/releas...
release-notes
https://docs.delinea.com/online-help/secret-server/releas...
release-notes
https://docs.delinea.com/online-help/secret-server-change...
release-notes

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

NCIA researchers
JSON
.