CVE-2025-12811
Received Received - Intake
HTTP Request Smuggling in Delinea Cloud Suite Enables Attackers

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: Delinea

Description
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgradeΒ to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions: * Server Suite release 2023.0.5 (agent version 6.0.0-158) * Server Suite release 2022.1.10 (agent version 5.9.1-337)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-18
Generated
2026-05-07
AI Q&A
2026-02-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-12811
EUVD
EUVD-2025-207857
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
delinea_inc cloud_suite From 6.0.1 (inc)
delinea_inc cloud_suite to 6.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an instance of HTTP Request Smuggling affecting Delinea Inc. Cloud Suite and Privileged Access Service. It arises from improper and inconsistent interpretation of HTTP requests by the affected software.


How can this vulnerability impact me? :

The vulnerability has a CVSS v4.0 base score of 6.9, indicating a moderate severity. It can potentially allow attackers to exploit the inconsistent HTTP request handling to interfere with the normal operation of the affected services, possibly leading to unauthorized actions or data exposure.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade to the latest Server Suite agents.

  • Upgrade to Server Suite 2023.1 (agent 6.0.1) or later.
  • If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, upgrade to one of the following versions:
  • Server Suite release 2023.0.5 (agent version 6.0.0-158)
  • Server Suite release 2022.1.10 (agent version 5.9.1-337)

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart