CVE-2025-6942
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: Delinea
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Secret Server versions 11.7.49 and earlier involves the distributed engine. During an initial authorization event, an attacker could exploit this flaw to impersonate another distributed engine, potentially gaining unauthorized access or privileges within the system.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to impersonate a distributed engine during authorization, which may lead to unauthorized access, data exposure, or manipulation within the Secret Server environment. The impact includes potential confidentiality, integrity, and availability losses, although the CVSS score indicates a relatively low severity with limited impact.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects Secret Server versions 11.7.49 and earlier. To mitigate this vulnerability, upgrade the Secret Server distributed engine and related components to version 11.7.000061 or later, which includes updates to the Distributed Engine addressing this issue. Note that protocol handler versions 6.0.3.26 or lower require manual upgrades, so ensure these are updated accordingly. No other specific mitigation steps are provided. [3]