CVE-2025-12811

Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions: * Server Suite release 2023.0.5 (agent version 6.0.0-158) * Server Suite release 2022.1.10 (agent version 5.9.1-337)

CVSS

No CVSS.

References

Link	Resource
https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2
https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83

Configurations

No configuration.

History

18 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 23:16

Updated : 2026-02-19 15:53

NVD link : CVE-2025-12811

Mitre link : CVE-2025-12811

CVE.ORG link : CVE-2025-12811

JSON object : View

Products Affected

No product.

CWE

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

{"id": "CVE-2025-12811", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "1443cd92-d354-46d2-9290-d812316ca43a", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-18T23:16:18.580", "references": [{"url": "https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2", "source": "1443cd92-d354-46d2-9290-d812316ca43a"}, {"url": "https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83", "source": "1443cd92-d354-46d2-9290-d812316ca43a"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "1443cd92-d354-46d2-9290-d812316ca43a", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.\n\nIf you're not using the latest Server Suite agents, this fix requires that you upgrade\u00a0to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:\n\n * Server Suite release 2023.0.5 (agent version 6.0.0-158)\n\n\n * Server Suite release 2022.1.10 (agent version 5.9.1-337)"}], "lastModified": "2026-02-19T15:53:02.850", "sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a"}