Description

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled is automatically checked in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password. Remediation: Upgrade to 11.9.47 or later, where the secret remains checked out when the password change fails.

PUBLISHED Reserved 2025-11-06 | Published 2026-01-27 | Updated 2026-01-27 | Assigner Delinea




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A

Problem types

CWE-287 Improper Authentication

Product status

Default status: unaffected

11.8.1: affected

11.9.6: affected

11.9.25: affected

References

trust.delinea.com/ exploit

docs.delinea.com/...rver/release-notes/ss-rn-11-9-000047.htm

trust.delinea.com/...id=48260de9-954d-45c2-9c66-2c9510798a0b

cve.org (CVE-2025-12810)

nvd.nist.gov (CVE-2025-12810)
