{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6942", "assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a", "state": "PUBLISHED", "assignerShortName": "Delinea", "dateReserved": "2025-06-30T22:28:26.930Z", "datePublished": "2025-07-02T15:49:16.894Z", "dateUpdated": "2025-07-02T19:46:25.837Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Distributed Engine"], "product": "Secret Server", "vendor": "Delinea", "versions": [{"lessThanOrEqual": "11.7.49", "status": "affected", "version": "0", "versionType": "Secret Server"}, {"lessThanOrEqual": "8.4.39.0", "status": "affected", "version": "0", "versionType": "Distributed Engine"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NCIA researchers"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine."}], "value": "The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine."}], "impacts": [{"capecId": "CAPEC-22", "descriptions": [{"lang": "en", "value": "CAPEC-22 Exploiting Trust in Client"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1443cd92-d354-46d2-9290-d812316ca43a", "shortName": "Delinea", "dateUpdated": "2025-07-02T19:46:25.837Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm"}, {"tags": ["release-notes"], "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm"}, {"tags": ["release-notes"], "url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024"}, {"tags": ["vendor-advisory"], "url": "https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-02T15:58:09.266658Z", "id": "CVE-2025-6942", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T15:58:13.977Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-02T15:58:09.266658Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T15:58:11.405Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "NCIA researchers"}], "impacts": [{"capecId": "CAPEC-22", "descriptions": [{"lang": "en", "value": "CAPEC-22 Exploiting Trust in Client"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delinea", "modules": ["Distributed Engine"], "product": "Secret Server", "versions": [{"status": "affected", "version": "0", "versionType": "Secret Server", "lessThanOrEqual": "11.7.49"}, {"status": "affected", "version": "0", "versionType": "Distributed Engine", "lessThanOrEqual": "8.4.39.0"}], "defaultStatus": "affected"}], "references": [{"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm", "tags": ["release-notes"]}, {"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm", "tags": ["release-notes"]}, {"url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024", "tags": ["release-notes"]}, {"url": "https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.", "supportingMedia": [{"type": "text/html", "value": "The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "1443cd92-d354-46d2-9290-d812316ca43a", "shortName": "Delinea", "dateUpdated": "2025-07-02T19:46:25.837Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6942", "state": "PUBLISHED", "dateUpdated": "2025-07-02T19:46:25.837Z", "dateReserved": "2025-06-30T22:28:26.930Z", "assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a", "datePublished": "2025-07-02T15:49:16.894Z", "assignerShortName": "Delinea"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine."}, {"lang": "es", "value": "Las versiones 8.4.39.0 y anteriores del motor distribuido de las versiones 11.7.49 y anteriores de Secret Server pueden explotarse durante un evento de autorizaci\u00f3n inicial que permitir\u00eda a un atacante hacerse pasar por otro motor distribuido."}], "id": "CVE-2025-6942", "lastModified": "2025-07-03T15:13:53.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 3.4, "source": "1443cd92-d354-46d2-9290-d812316ca43a", "type": "Secondary"}]}, "published": "2025-07-02T16:15:29.883", "references": [{"source": "1443cd92-d354-46d2-9290-d812316ca43a", "url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024"}, {"source": "1443cd92-d354-46d2-9290-d812316ca43a", "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm"}, {"source": "1443cd92-d354-46d2-9290-d812316ca43a", "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm"}, {"source": "1443cd92-d354-46d2-9290-d812316ca43a", "url": "https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9"}], "sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "1443cd92-d354-46d2-9290-d812316ca43a", "type": "Secondary"}]}

{}

{"created": "2025-07-06T22:16:24.735754+00:00", "updated": "2025-07-06T22:16:24.735827+00:00", "vendors": ["delinea", "delinea$PRODUCT$secret_server"]}