CVE-2024-25652

7.6 HIGH
Published: March 14, 2024 Modified: October 10, 2025
View on NVD

Description

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin
Source: 1443cd92-d354-46d2-9290-d812316ca43a
Broken Link
https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm
Source: 1443cd92-d354-46d2-9290-d812316ca43a
Release Notes
https://trust.delinea.com/
Source: 1443cd92-d354-46d2-9290-d812316ca43a
Vendor Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
Source: 1443cd92-d354-46d2-9290-d812316ca43a
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.6 / 10.0
EPSS (Exploit Probability)
0.2%
45th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

delinea

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A