Security is built into our bones
Delinea’s Privileged Access Management solutions are built with security as a foundation from the start. We adhere to industry standards and frameworks, and ensure security testing is performed as a critical component of our software development processes along with continuous Quality Assurance (QA) checks.
Our cybersecurity defense measures address key components, including intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, machine learning, and a Security Operations Center. We also monitor and protect against critical web application security risks, incorporating the OWASP Top 10 and Automated Top 20 threats.
Encryption assured for data in transit and at rest
Customer data is fully isolated and encrypted both in transit and at rest, using the AES-256 standard encryption algorithm and PBKDF2-HMAC-SHA256 hashing algorithm. Delinea uses private encryption keys for each customer, with third-party key management support (AWS KMS). Secrets are systematically “salted” before being hashed and encrypted with their own unique Initialization Vector and Key.
Connections to Delinea cloud services are protected via Transport Layer Security (TLS). Distributed Engine communications are also secured with an additional encryption key unique to each tenant.
Documents
Delinea Secret Server on-prem SQL report creation vulnerability - CVE-2025-6943
Secret Server version 11.7.49 and earlier allows an administrator to gain access to restricted tables by exploiting a vulnerability in the SQL report creation functionality.
Affected Product and Version
Delinea Secret Server on-prem version 11.7.49 and earlier
Resolution
Upgrade to Secret Server version 11.7.60
CVE Details
- CVE ID: CVE-2025-6943
- Published Date: July 2, 2025
- Vulnerability Type: Improper Privilege Management
- CWE: 269
- CVSS v3 Score: 3.8
- CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Delinea Secret Server on-prem distributed engine authentication process vulnerability - CVE-2025-6942
The distributed engine of Secret Server version 11.7.49 and earlier allows an attacker to impersonate another distributed engine by exploiting a vulnerability in an initial authorization event.
Affected Product and Version
Delinea Secret Server on-prem version 11.7.49 and earlier / Distributed Engine version 8.4.39.0 and earlier.
Resolution
Upgrade to Secret Server version 11.7.60 or later and update Distributed Engine version to 8.4.43 or higher (for Cloud 8.4.41 or higher).
CVE Details
- CVE ID: CVE-2025-6942
- Published Date: July 2, 2025
- Vulnerability Type: Authorization Bypass Through User-Controlled Key
- CWE: 639
- CVSS v3 Score: 3.8
- CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Notice regarding the recent geopolitical development between India and Pakistan
Delinea is tracking the recent escalation between India and Pakistan and would like to assure our customers that our solutions and service offerings aren't impacted. We continue to monitor the situation and will provide further updates if our assessment changes.
If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the Delinea Trust Center for future security and other important announcements.
Delinea's analysis of critical Erlang/OTP SSH Server implementation vulnerability (CVE-2025-32433)
Delinea has analyzed the critical Erlang/OTP SSH Server implementation vulnerability (CVE-2025-32433) and has determined that none of its products are impacted, as they do not use or enable the Erlang SSH server by default.
Customers have the ability to manually enable the Erlang SSH component in Delinea Secret Server (on-prem), the Delinea RabbitMQ Helper, and associated installations of RabbitMQ, in which case this vulnerability might pose a risk. To address the potential risk, customers are advised to either:
- Upgrade Erlang/OTP to one of the patched versions (27.3.3, 26.2.5.11, or 25.3.2.20)
- Disable the Erlang built-in SSH Server
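The check implied by the two options above, as an added example (not Delinea's code): it classifies a full Erlang/OTP version string against the three patched releases the notice lists. The host names and inventory are constructed, the SSH-enabled flag is assumed to come from your own configuration review, and release lines the notice does not name are reported as "unlisted" rather than guessed.

```python
import re

# Minimum patched version per release line, taken from the notice above.
PATCHED = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

def parse_otp_version(text):
    """Parse a full OTP version such as '26.2.5.11' into a tuple of ints.

    The full version is the content of releases/<major>/OTP_VERSION under
    the Erlang root directory; a suffix such as '-rc1' is ignored.
    """
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)(?:[-+~].*)?\s*", text)
    if not m:
        raise ValueError(f"not an OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def pad(version, length):
    """Right-pad with zeros so '27.3' compares as 27.3.0 against 27.3.3."""
    return version + (0,) * (length - len(version))

def classify(version_text, ssh_enabled):
    """Return 'not-exposed', 'patched', 'upgrade' or 'unlisted'."""
    if not ssh_enabled:
        return "not-exposed"  # second option in the notice: SSH server disabled
    version = parse_otp_version(version_text)
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return "unlisted"  # the notice names no patched release for this line
    width = max(len(version), len(fixed))
    # Numeric tuple comparison: as strings, '26.2.5.2' would sort after '26.2.5.11'.
    return "patched" if pad(version, width) >= pad(fixed, width) else "upgrade"

# Constructed sample inventory: (host, OTP_VERSION contents, SSH server enabled?)
SAMPLE = [
    ("rmq-01", "26.2.5.2", True),
    ("rmq-02", "26.2.5.11", True),
    ("rmq-03", "27.3", True),
    ("rmq-04", "25.3.2.12", False),
    ("rmq-05", "24.3.4.17", True),
]

def needs_action(inventory):
    """List (host, status) pairs that still need an upgrade or a manual review."""
    results = [(host, classify(ver, ssh)) for host, ver, ssh in inventory]
    return [(host, status) for host, status in results if status in ("upgrade", "unlisted")]
```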
Critical Kubernetes ‘IngressNightmare’ Vulnerabilities Notification
Delinea has reviewed the critical Kubernetes vulnerabilities that were disclosed on March 25, 2025 (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) and has determined that they’re applicable to the Delinea Platform and Secret Server Cloud offerings. The Kubernetes clusters for both offerings do not have internet-facing admission controllers and could not have been exploited without internal access. Delinea has promptly patched and successfully tested both product offerings and, out of an abundance of caution, has examined all recent activity and determined that there are no indicators of compromise. Delinea will continue to monitor the service offerings in question and provide communication updates if new material information comes to light.