Strix
26.1K

CVE-2025-12810

MEDIUMCVSS 5.3/10EPSS 0.40%

Last modified

CVE-2025-12810 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password. Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS 4.0
5.3/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:X

EPSS Probability
0.40%

31.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DelineaSecret Server11.8.000001
DelineaSecret Server11.9.000006
DelineaSecret Server11.9.000025

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-12810?
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password. Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.
How severe is CVE-2025-12810?
CVE-2025-12810 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.
How do I fix CVE-2025-12810?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-12810?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST