CVE-2025-6942

low

Description

The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.

References

https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9

https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm

https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm

https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024

Details

Source: Mitre, NVD

Published: 2025-07-02

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 3.4

Vector: CVSS2#AV:L/AC:H/Au:M/C:P/I:P/A:P

Severity: Low

CVSS v3

Base Score: 3.8

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Severity: Low

EPSS

EPSS: 0.00011

Detections

Analytics