CVE-2025-12810

Severity CVSS v4.0:

MEDIUM

Type:

CWE-287 Authentication Issues

Publication date:

27/01/2026

Last modified:

29/01/2026

Description

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25.<br /> <br /> A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password.<br /> <br /> Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A CVSS v4.0 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): Low
Availability (VA): Low
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Automatable (AU): Yes
Recovery (R): Automatic

Base Score 4.0

5.30

Severity 4.0

MEDIUM

CVE-2025-12810

Description

Impact

References to Advisories, Solutions, and Tools