CVE-2025-12810

MEDIUM

Delinea Inc. Secret Server On-Prem - Improper Authentication

Title source: llm

Description

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password. Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.

References (3)

[Release Notes] https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-9-000047.htm

[Vendor Advisory] https://trust.delinea.com/?tcuUid=48260de9-954d-45c2-9c66-2c9510798a0b

[Product] https://trust.delinea.com/

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 11.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (3)

delinea/secret_server 11.8.000001

delinea/secret_server 11.9.000006

delinea/secret_server 11.9.000025

Published Jan 27, 2026

Tracked Since Feb 18, 2026