CVE-2025-12811
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service.
If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:
Server Suite release 2023.0.5 (agent version 6.0.0-158)
Server Suite release 2022.1.10 (agent version 5.9.1-337)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Delinea Inc. | Cloud Suite and Privileged Access Service | 25.1 HF5 | unaffected |
| Delinea Inc. | Cloud Suite and Privileged Access Service | 25.1 HF4 and earlier | affected |
Weaknesses
- CWE-444: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83
- https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.