CVE-2025-12874
Unknown Unknown - Not Provided
HTTP Request Smuggling in Quest Coexistence Manager Free/Busy Module

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: Security Risk Advisors

Description
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker toΒ bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests. This issue affects Coexistence Manager for Notes 3.8.2045. Other versions may also be affected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12874
EUVD
EUVD-2025-204611
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
quest coexistence_manager_for_notes 3.8.2045
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an HTTP Request Smuggling issue in Quest Coexistence Manager for Notes (Free/Busy Connector modules) version 3.8.2045. It arises from inconsistent interpretation of HTTP requests, specifically via the Content-Length-Transfer-Encoding (CL.TE) attack vector. An attacker can exploit this to manipulate HTTP requests, potentially bypassing security controls, poisoning web caches, hijacking sessions, or triggering unintended internal requests. [1]

Impact Analysis

Exploitation of this vulnerability can allow an attacker to bypass access controls, poison web caches, hijack user sessions, or cause unintended internal requests within the affected application. This can lead to unauthorized access and other malicious actions, compromising the security and integrity of the system. [1]

Mitigation Strategies

To mitigate this vulnerability, you should apply the patch or fix provided by the vendor for Quest Coexistence Manager for Notes version 3.8.2045. Contact Quest technical support for assistance if needed, and ensure your system is updated to a version where this vulnerability is addressed. [1, 2]

Compliance Impact

The provided resources do not contain information about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12874. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart