Delphix Secret Server SQL Injection & Auth Bypass (CVE-2022-6945/CVE-2025-8942) and Hashicorp Vulnerability Advisory

Critical Vulnerability Information 1. Delphix Secret Server on-prem SQL report creation vulnerability - CVE-2022-6945 Release Date: 3/3/2022 Affected Versions: Secret Server version 11.7.45 and earlier Description: An attacker with permissions to create reports can exploit a vulnerability in the SQL Report functionality. Fix Version: Upgrade to Secret Server version 11.7.46 or later. 2. Delphix Secret Server on-prem distributed engine authentication process vulnerability - CVE-2025-8942 Release Date: Not displayed Affected Versions: The distributed engine of Secret Server version 11.7.45 and earlier Description: An attacker can impersonate another device by exploiting a vulnerability in an initial authentication event. Fix Version: Upgrade to Secret Server version 11.7.46 or later and update Distributed Engine versions to 6.0.6.5 or higher for Cloud 1.0 or higher for Cloud 2.0. 3. Critical Hashicorp Ingress/Lightmare Vulnerabilities Notification Release Date: Not displayed Description: Multiple vulnerabilities were discovered in HashiCorp Consul, Vault, Nomad, and Waypoint software products. Remediation Recommendation: Please contact your Customer Success Manager, Engagement Manager, or Partner Manager for more information. ``` This information provides details on critical vulnerabilities affecting Delphix Secret Server and HashiCorp products, including vulnerability types, affected versions, descriptions, and remediation recommendations.

Goal Reached Thanks to every supporter — we hit 100%!

Delphix Secret Server SQL Injection & Auth Bypass (CVE-2022-6945/CVE-2025-8942) and Hashicorp Vulnerability Advisory