CVE-2024-25653: n/a
CVE-2024-25653 is a medium-severity broken access control vulnerability in Delinea PAM Secret Server 11. 4. It allows unprivileged users to view and modify system reports through the web UI when Unlimited Admin Mode is enabled. The flaw exists in the Report functionality, enabling unauthorized report access and modification without requiring user interaction. The vulnerability impacts confidentiality but not integrity or availability of the system. No known exploits are currently reported in the wild. Organizations using Delinea PAM Secret Server with Unlimited Admin Mode enabled should review and restrict access to the reporting features. Patching or configuration changes are recommended to mitigate this risk.
AI Analysis
Technical Summary
CVE-2024-25653 is a broken access control vulnerability identified in the Report functionality of Delinea PAM Secret Server version 11.4. The vulnerability arises when the Unlimited Admin Mode feature is enabled, which inadvertently grants unprivileged users the ability to access and modify system reports via the web user interface. This bypasses intended access restrictions, allowing these users to view sensitive system reports and alter custom reports without proper authorization. The vulnerability is classified under CWE-284 (Improper Access Control) and has a CVSS 3.1 base score of 4.3, indicating a medium severity level. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and privileges are required (PR:L), but no user interaction is necessary (UI:N). The scope remains unchanged (S:U), and the impact affects confidentiality (C:L) but not integrity (I:N) or availability (A:N). There are no known exploits in the wild at this time, and no specific patches have been linked yet. This vulnerability could allow attackers with limited privileges to gain unauthorized visibility into sensitive reports and potentially manipulate reporting data, which could aid in further reconnaissance or mislead administrators.
Potential Impact
The primary impact of CVE-2024-25653 is the unauthorized disclosure of sensitive information contained within system reports, which could include privileged credential usage, system configurations, or audit logs. This breach of confidentiality could facilitate further attacks by providing adversaries with valuable intelligence about the environment. Although the vulnerability does not directly affect system integrity or availability, the ability to modify custom reports could be leveraged to obscure malicious activities or misinform security teams. Organizations relying on Delinea PAM Secret Server for privileged access management could face increased risk of insider threat exploitation or external attackers escalating privileges by abusing report access. The risk is heightened in environments where Unlimited Admin Mode is enabled broadly or without strict access controls, potentially exposing critical infrastructure and sensitive data.
Mitigation Recommendations
To mitigate CVE-2024-25653, organizations should first verify whether Unlimited Admin Mode is enabled in their Delinea PAM Secret Server deployments and assess the necessity of this mode. If possible, disable Unlimited Admin Mode or restrict it to only highly trusted administrators. Implement strict role-based access controls (RBAC) to limit report viewing and modification privileges to authorized personnel only. Monitor and audit report access logs regularly to detect any unauthorized access attempts. Until an official patch is released, consider isolating the PAM server from untrusted networks and enforcing network segmentation to reduce exposure. Engage with Delinea support for updates or patches addressing this vulnerability and apply them promptly once available. Additionally, conduct security awareness training for administrators to recognize and respond to suspicious report modifications or access patterns.
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, Netherlands, Japan, South Korea, Singapore
CVE-2024-25653: n/a
Description
CVE-2024-25653 is a medium-severity broken access control vulnerability in Delinea PAM Secret Server 11. 4. It allows unprivileged users to view and modify system reports through the web UI when Unlimited Admin Mode is enabled. The flaw exists in the Report functionality, enabling unauthorized report access and modification without requiring user interaction. The vulnerability impacts confidentiality but not integrity or availability of the system. No known exploits are currently reported in the wild. Organizations using Delinea PAM Secret Server with Unlimited Admin Mode enabled should review and restrict access to the reporting features. Patching or configuration changes are recommended to mitigate this risk.
AI-Powered Analysis
Technical Analysis
CVE-2024-25653 is a broken access control vulnerability identified in the Report functionality of Delinea PAM Secret Server version 11.4. The vulnerability arises when the Unlimited Admin Mode feature is enabled, which inadvertently grants unprivileged users the ability to access and modify system reports via the web user interface. This bypasses intended access restrictions, allowing these users to view sensitive system reports and alter custom reports without proper authorization. The vulnerability is classified under CWE-284 (Improper Access Control) and has a CVSS 3.1 base score of 4.3, indicating a medium severity level. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and privileges are required (PR:L), but no user interaction is necessary (UI:N). The scope remains unchanged (S:U), and the impact affects confidentiality (C:L) but not integrity (I:N) or availability (A:N). There are no known exploits in the wild at this time, and no specific patches have been linked yet. This vulnerability could allow attackers with limited privileges to gain unauthorized visibility into sensitive reports and potentially manipulate reporting data, which could aid in further reconnaissance or mislead administrators.
Potential Impact
The primary impact of CVE-2024-25653 is the unauthorized disclosure of sensitive information contained within system reports, which could include privileged credential usage, system configurations, or audit logs. This breach of confidentiality could facilitate further attacks by providing adversaries with valuable intelligence about the environment. Although the vulnerability does not directly affect system integrity or availability, the ability to modify custom reports could be leveraged to obscure malicious activities or misinform security teams. Organizations relying on Delinea PAM Secret Server for privileged access management could face increased risk of insider threat exploitation or external attackers escalating privileges by abusing report access. The risk is heightened in environments where Unlimited Admin Mode is enabled broadly or without strict access controls, potentially exposing critical infrastructure and sensitive data.
Mitigation Recommendations
To mitigate CVE-2024-25653, organizations should first verify whether Unlimited Admin Mode is enabled in their Delinea PAM Secret Server deployments and assess the necessity of this mode. If possible, disable Unlimited Admin Mode or restrict it to only highly trusted administrators. Implement strict role-based access controls (RBAC) to limit report viewing and modification privileges to authorized personnel only. Monitor and audit report access logs regularly to detect any unauthorized access attempts. Until an official patch is released, consider isolating the PAM server from untrusted networks and enforcing network segmentation to reduce exposure. Engage with Delinea support for updates or patches addressing this vulnerability and apply them promptly once available. Additionally, conduct security awareness training for administrators to recognize and respond to suspicious report modifications or access patterns.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-02-09T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6d6db7ef31ef0b5720ea
Added to database: 2/25/2026, 9:45:17 PM
Last enriched: 2/26/2026, 10:41:52 AM
Last updated: 2/26/2026, 12:45:52 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-14343: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dokuzsoft Technology Ltd. E-Commerce Product
HighCVE-2026-1198: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA Simple.ERP
HighCVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk
HighCVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.