CVE-2024-25652 HIGH

Vendor Delinea
Product Secret Server
Weakness CWE-287 · Improper authentication
Published March 14, 2024
Last update May 20, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

In Delinea PAM Secret Server 11.4, a user assigned the "Administer Reports" permission and/or with access to the Report functionality via UNLIMITED ADMIN MODE can gain unauthorized access to remote sessions created by legitimate users, using information obtained from the Custom Legacy Report functionality.

Key dates

02 Disclosure timeline

March 14, 2024 CVE published
May 20, 2025 Record updated