Home / Security updates / Delinea Secret Server on-prem RPC Password Rotation authentication vulnerability - CVE-2025-12810
Delinea Secret Server on-prem RPC Password Rotation authentication vulnerability - CVE-2025-12810
Security updates detail rendered from /security-updates/upd_f582b9e57f29f121.
Overview
| ID | upd_f582b9e57f29f121 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Delinea |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_f582b9e57f29f121 |
| providerId | safebase |
| organizationId | org_a3ee621a755352d9 |
| trustCenterId | tc_c2a1aa0eb7eda998 |
| title | Delinea Secret Server on-prem RPC Password Rotation authentication vulnerability - CVE-2025-12810 |
| message | Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password. **Affected Product and Version** Delinea Secret Server on-prem versions 11.8.1, 11.9.6, and 11.9.25 **Resolution** Upgrade to Secret Server version 11.9.47 or later The secret will remain checked out when the password change fails. **CVE Details** * CVE ID: CVE-2025-12810 * Published Date: January 27, 2026 * Vulnerability Type: Improper Authentication * CWE: 287 * CVSS v4.0 Score: 5.3 * CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A |
| url | - |
| publishedAt | 2026-01-27 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_a3ee621a755352d9",
"name": "Delinea",
"domains": [
"trust.delinea.com",
"delinea.com"
]
} |
| trust_center | {
"id": "tc_c2a1aa0eb7eda998",
"name": "Delinea",
"url": "https://trust.delinea.com",
"host": "trust.delinea.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_f582b9e57f29f121",
"company": "/v1/companies/org_a3ee621a755352d9",
"trust_center": "/v1/trust-centers/tc_c2a1aa0eb7eda998",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_f582b9e57f29f121JSON