Vendor scorecard
Delinea
Delinea security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: delinea
Product families
1
Open in latest
8
Inferred — see methodology
Last disclosure
Jan 27, 2026
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Secret Server (PAM)Identity & Access Managementsecret_server, privilege_manager | 3 | 8 | 11.9.000006MED |
02
Recent CVEs
3 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-12810(opens NVD record) | Medium | 6.5 | Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password. Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails. | Jan 27, 2026 |
| CVE-2025-6943(opens NVD record) | Low | 3.8 | Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables. | Jul 2, 2025 |
| CVE-2024-12908(opens NVD record) | Medium | 6.9 | Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a malicious document which could trigger the vulnerable handler, allowing them to execute arbitrary code on the user's machine. Delinea added additional validation that the downloaded installer's batch file was in the expected format. | Dec 26, 2024 |
3 CVEs · 1 product families