CVE-2024-25652 in Delinea PAM Secret Server

Summary

by MITRE • 03/14/2024

In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.


Analysis

by VulDB Data Team • 10/10/2025

CVE-2024-25652 affects Delinea PAM Secret Server 11.4 and is an authorization flaw in a component whose whole purpose is to gate privileged access. The issue sits in the Report functionality: a user who is allowed to run reports can, through them, reach remote sessions that were created by other users. The cause is insufficient validation of the requesting user's permissions when report data references remote sessions, so the normal per-session access restrictions are bypassed and session information that should be hidden from that user is returned.

Technically, the weakness is a missing object-level authorization check. The application verifies that the caller may use the reporting feature, but when a report resolves remote sessions it does not verify that the caller is entitled to each session it returns; sessions created by other users come back along with the caller's own. The result is an information disclosure that VulDB classifies under CWE-284 (Improper Access Control). In effect the reporting module becomes an authorization bypass: a low-privileged report user retrieves session data that the product's own access model says they should not be able to see.
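The pattern described above, as an added example that is not Delinea's code: a minimal report endpoint that authorizes the caller for the Report feature but never checks whose sessions it returns, beside the corrected version that scopes the query to the caller's own sessions (or to everything for a holder of a hypothetical audit role) before applying user-supplied filters. Role names, fields and the sample sessions are all constructed for the example.

```python
# Added example, not Delinea Secret Server code. Models a report endpoint with
# feature-level authorization only (the flaw) and with object-level scoping
# (the fix). Role names, fields and sample data are hypothetical.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class RemoteSession:
    session_id: int
    owner: str       # user who launched the remote session
    target: str      # system reached through the session
    recording: str   # stand-in for the recorded session content


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]


class PermissionDenied(Exception):
    pass


ROLE_REPORT = "report.view"       # may open the Report feature at all
ROLE_AUDIT_ALL = "session.audit"  # may review every user's sessions

# Constructed sample data (not real sessions).
SESSIONS: Dict[int, RemoteSession] = {
    1: RemoteSession(1, "alice", "db01", "alice@db01: SELECT ..."),
    2: RemoteSession(2, "bob", "dc01", "bob@dc01: net user ..."),
    3: RemoteSession(3, "bob", "fw01", "bob@fw01: show running-config"),
}


def report_sessions_vulnerable(db: Dict[int, RemoteSession], user: User,
                               session_ids: Iterable[int]) -> List[RemoteSession]:
    """Flawed: authorizes the feature, not the objects. Any report user can pull
    any session id, including sessions launched by other users."""
    if ROLE_REPORT not in user.roles:
        raise PermissionDenied(f"{user.name} lacks {ROLE_REPORT}")
    return [db[sid] for sid in session_ids if sid in db]


def visible_sessions(db: Dict[int, RemoteSession], user: User) -> List[RemoteSession]:
    """Data-layer scope: the caller's own sessions, or all of them for auditors."""
    if ROLE_AUDIT_ALL in user.roles:
        return list(db.values())
    return [s for s in db.values() if s.owner == user.name]


def report_sessions_fixed(db: Dict[int, RemoteSession], user: User,
                          session_ids: Iterable[int]) -> List[RemoteSession]:
    """Fixed: same feature check, then user-supplied filters are applied only to
    the caller's visible scope, so foreign session ids drop out of the result."""
    if ROLE_REPORT not in user.roles:
        raise PermissionDenied(f"{user.name} lacks {ROLE_REPORT}")
    wanted = set(session_ids)
    return [s for s in visible_sessions(db, user) if s.session_id in wanted]


def denied(fn: Callable, *args) -> bool:
    """True if the call is rejected with PermissionDenied."""
    try:
        fn(*args)
    except PermissionDenied:
        return True
    return False


def demo() -> Dict[str, List[int]]:
    """Run both endpoints for a plain report user and for an auditor."""
    alice = User("alice", frozenset({ROLE_REPORT}))
    auditor = User("carol", frozenset({ROLE_REPORT, ROLE_AUDIT_ALL}))
    requested = [1, 2, 3]  # alice asks for bob's sessions too
    return {
        "vulnerable_alice": [s.session_id for s in report_sessions_vulnerable(SESSIONS, alice, requested)],
        "fixed_alice": [s.session_id for s in report_sessions_fixed(SESSIONS, alice, requested)],
        "fixed_auditor": [s.session_id for s in report_sessions_fixed(SESSIONS, auditor, requested)],
    }


if __name__ == "__main__":
    print(demo())
```

The fixed version filters rather than raising because a report legitimately spans many objects; scoping the data set first means a caller cannot even learn which foreign session ids exist. For a direct "open session N" endpoint the same check would instead raise PermissionDenied.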

The operational impact depends on what "access to remote sessions" exposes in a given deployment, and the vendor description does not spell that out. At minimum it reveals which privileged users connected to which systems and when, which is valuable reconnaissance for anyone planning lateral movement or mapping the organization's privileged-access landscape. If session recordings or live session views are reachable through the same path, the viewer may also observe commands executed and any secrets echoed on screen during the session. Either way the flaw breaks the principle of least privilege inside the PAM system itself, and the risk is highest where sensitive systems are reached only through accounts brokered by Secret Server, because the session data then describes exactly the access an attacker would want to replay.

Organizations running Delinea PAM Secret Server 11.4 should apply the fix Delinea has published for this issue and, until it is deployed, restrict the Report permission to the accounts that actually need it, review who currently holds it, and watch audit logs for report activity that touches sessions owned by other users. Network segmentation and additional authentication in front of the PAM console reduce exposure but do not close the flaw, since it is exploitable by an authenticated user with ordinary report rights. The lesson is that authorization must be enforced per object, not only per feature: the right to run reports must not imply the right to see every session a report can reference. Security teams should audit the reporting and analytics features of their own privileged access management tooling for the same pattern, because such features routinely aggregate data across users and are a common place for per-object checks to be omitted.

Reservation

02/09/2024

Disclosure

03/14/2024

Moderation

accepted

CPE

ready

EPSS

0.00590

KEV

no

Activities

very low
