{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12811", "assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a", "state": "PUBLISHED", "assignerShortName": "Delinea", "dateReserved": "2025-11-06T16:31:44.269Z", "datePublished": "2026-02-18T22:08:25.254Z", "dateUpdated": "2026-02-19T16:04:19.494Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cloud Suite and Privileged Access Service", "vendor": "Delinea Inc.", "versions": [{"status": "unaffected", "version": "25.1 HF5"}, {"status": "affected", "version": "25.1 HF4 and earlier"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Dawid Dudek"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.<br><br>If you're not using the latest Server Suite agents, this fix <b>requires that you upgrade&nbsp;</b>to Server Suite 2023.1 (agent 6.0.1) or later.<ul><li><p>If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:</p><ul><li><p>Server Suite release 2023.0.5 (agent version 6.0.0-158)</p></li><li><p>Server Suite release 2022.1.10 (agent version 5.9.1-337)</p></li></ul></li></ul><br>\n\n\n\n\n\n<br>"}], "value": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.\n\nIf you're not using the latest Server Suite agents, this fix requires that you upgrade\u00a0to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:\n\n * Server Suite release 2023.0.5 (agent version 6.0.0-158)\n\n\n * Server Suite release 2022.1.10 (agent version 5.9.1-337)"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1443cd92-d354-46d2-9290-d812316ca43a", "shortName": "Delinea", "dateUpdated": "2026-02-18T22:23:56.385Z"}, "references": [{"url": "https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83"}, {"url": "https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2"}], "source": {"discovery": "EXTERNAL"}, "title": "Cloud Suite and Privilege Access Service\u2013 HTTP request smuggling vulnerability", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T16:02:55.787935Z", "id": "CVE-2025-12811", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T16:04:19.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T16:02:55.787935Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T16:03:15.275Z"}}], "cna": {"title": "Cloud Suite and Privilege Access Service\u2013 HTTP request smuggling vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Dawid Dudek"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delinea Inc.", "product": "Cloud Suite and Privileged Access Service", "versions": [{"status": "unaffected", "version": "25.1 HF5"}, {"status": "affected", "version": "25.1 HF4 and earlier"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83"}, {"url": "https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.\n\nIf you're not using the latest Server Suite agents, this fix requires that you upgrade\u00a0to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:\n\n * Server Suite release 2023.0.5 (agent version 6.0.0-158)\n\n\n * Server Suite release 2022.1.10 (agent version 5.9.1-337)", "supportingMedia": [{"type": "text/html", "value": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.<br><br>If you're not using the latest Server Suite agents, this fix <b>requires that you upgrade&nbsp;</b>to Server Suite 2023.1 (agent 6.0.1) or later.<ul><li><p>If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:</p><ul><li><p>Server Suite release 2023.0.5 (agent version 6.0.0-158)</p></li><li><p>Server Suite release 2022.1.10 (agent version 5.9.1-337)</p></li></ul></li></ul><br>\n\n\n\n\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}], "providerMetadata": {"orgId": "1443cd92-d354-46d2-9290-d812316ca43a", "shortName": "Delinea", "dateUpdated": "2026-02-18T22:23:56.385Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12811", "state": "PUBLISHED", "dateUpdated": "2026-02-19T16:04:19.494Z", "dateReserved": "2025-11-06T16:31:44.269Z", "assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a", "datePublished": "2026-02-18T22:08:25.254Z", "assignerShortName": "Delinea"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.\n\nIf you're not using the latest Server Suite agents, this fix requires that you upgrade\u00a0to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:\n\n * Server Suite release 2023.0.5 (agent version 6.0.0-158)\n\n\n * Server Suite release 2022.1.10 (agent version 5.9.1-337)"}], "id": "CVE-2025-12811", "lastModified": "2026-02-19T15:53:02.850", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "1443cd92-d354-46d2-9290-d812316ca43a", "type": "Secondary"}]}, "published": "2026-02-18T23:16:18.580", "references": [{"source": "1443cd92-d354-46d2-9290-d812316ca43a", "url": "https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2"}, {"source": "1443cd92-d354-46d2-9290-d812316ca43a", "url": "https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83"}], "sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "1443cd92-d354-46d2-9290-d812316ca43a", "type": "Secondary"}]}

{}

{"created": "2026-02-19T10:10:36.393986+00:00", "updated": "2026-02-19T10:10:36.394138+00:00", "vendors": ["delinea", "delinea$PRODUCT$cloud_suite_and_privileged_access_service"]}