CVE-2025-12874
HTTP Request Smuggling in Quest Coexistence Manager Free/Busy Module
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: Security Risk Advisors
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| quest | coexistence_manager_for_notes | 3.8.2045 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTTP Request Smuggling issue in Quest Coexistence Manager for Notes (Free/Busy Connector modules) version 3.8.2045. It arises from inconsistent interpretation of HTTP requests, specifically via the Content-Length-Transfer-Encoding (CL.TE) attack vector. An attacker can exploit this to manipulate HTTP requests, potentially bypassing security controls, poisoning web caches, hijacking sessions, or triggering unintended internal requests. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to bypass access controls, poison web caches, hijack user sessions, or cause unintended internal requests within the affected application. This can lead to unauthorized access and other malicious actions, compromising the security and integrity of the system. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the patch or fix provided by the vendor for Quest Coexistence Manager for Notes version 3.8.2045. Contact Quest technical support for assistance if needed, and ensure your system is updated to a version where this vulnerability is addressed. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.