Security Advisories
This page provides timely updates on software vulnerabilities, patches, and security-related issues that may impact our products or services. We’re committed to transparency and proactive communication to help you stay informed and protected.
Check back regularly for the latest advisories, mitigation guidance, and best practices to ensure your systems remain secure.
-
The distributed engine of Secret Server version 11.7.49 and earlier allows an attacker to impersonate another distributed engine by exploiting a vulnerability in an initial authorization event.
Affected Product and Version
Delinea Secret Server on-prem version 11.7.49 and earlier
Resolution
Upgrade to Secret Server version 11.7.60 or later
CVE Details
- CVE ID: CVE-2025-6942
- Published Date: July 2, 2025
- Vulnerability Type: Authorization Bypass Through User-Controlled Key
- CWE: 639
- CVSS v3 Score: 3.8
- CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
-
Secret Server version 11.7.49 and earlier allows an administrator to gain access to restricted tables by exploiting a vulnerability in the SQL report creation functionality.
Affected Product and Version
Delinea Secret Server on-prem version 11.7.49 and earlier
Resolution
Upgrade to Secret Server version 11.7.60 or later
CVE Details
- CVE ID: CVE-2025-6943
- Published Date: July 2, 2025
- Vulnerability Type: Improper Privilege Management
- CWE: 269
- CVSS v3 Score: 3.8
- CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Delinea makes no warranties of any kind, whether express, implied, statutory, or otherwise, and specifically, disclaims all warranties of fitness for a particular purpose, merchantability, accuracy of informational content, systems integration, non-infringement, non-interference with enjoyment or otherwise. Under no circumstances shall Delinea be liable for any damages whatsoever including direct, indirect, special, punitive or consequential loss or damage, including loss of profits, loss of business, loss of revenue, loss of or damage to goodwill, or loss of data. The foregoing exclusions will not apply to the extent prohibited by applicable law.