Impersonation Vulnerability in Secret Server by Delinea's Distributed Engine
CVE-2025-6942

3.8LOW

Key Information:

Vendor: Delinea
Status: Secret Server
Vendor: CVE Published:; 2 July 2025

🔔 Create Delinea Vulnerability Alert

What is CVE-2025-6942?

An exploitation risk exists within the distributed engine of Secret Server, specifically in versions 11.7.49 and earlier. During the initial authorization process, an attacker may gain the ability to impersonate another distributed engine, compromising the integrity of the system. This vulnerability highlights the need for users to assess their configurations and updates to prevent unauthorized access.

Affected Version(s)

Secret Server 0 <= 11.7.49

Secret Server 0 <= 11.7.49

Secret Server 0 <= 8.4.39.0

References

https://docs.delinea.com/online-help/secret-server/releas...

https://docs.delinea.com/online-help/secret-server/releas...

https://docs.delinea.com/online-help/secret-server-change...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Jun 30, 2025

Credit

NCIA researchers

.

CVE-2025-6942 : Impersonation Vulnerability in Secret Server by Delinea's Distributed Engine