Cloud Suite and Privilege Access Service– HTTP request smuggling vulnerability

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Improper Inconsistent Interpretation of
HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and
Privileged Access Service.

If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:

* Server Suite release 2023.0.5 (agent version 6.0.0-158)

* Server Suite release 2022.1.10 (agent version 5.9.1-337)

Basic Information

ID CVE-2025-12811

Source Delinea

Published Feb 18, 2026 at 22:08

Modified Feb 18, 2026 at 22:23

Affected Product

Vendor Delinea Inc.

Product Cloud Suite and Privileged Access Service

Version 25.1 HF5

Affected Versions Delinea Inc. Cloud Suite and Privileged Access Service 25.1 HF4 and earlier

CWE Classification

CWE-444

References

{
    "lastseen": "",
    "description": "Improper Inconsistent Interpretation of\nHTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and\nPrivileged Access Service.\n\nIf you're not using the latest Server Suite agents, this fix requires that you upgrade\u00a0to Server Suite 2023.1 (agent 6.0.1) or later.  *  If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions:\n\n  *  Server Suite release 2023.0.5 (agent version 6.0.0-158)\n\n\n  *  Server Suite release 2022.1.10 (agent version 5.9.1-337)",
    "published": "2026-02-18T22:08:25.254Z",
    "modified": "2026-02-18T22:23:56.385Z",
    "type": "cve",
    "title": "Cloud Suite and Privilege Access Service\u2013 HTTP request smuggling vulnerability",
    "source": "Delinea",
    "references": "https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83\nhttps://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2",
    "id": "CVE-2025-12811",
    "bulletinFamily": "",
    "cwe": [
        "CWE-444"
    ],
    "cvelist": null,
    "sourceData": "Delinea Inc. Cloud Suite and Privileged Access Service 25.1 HF4 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cloud Suite and Privileged Access Service",
    "version": "25.1 HF5",
    "vendor": "Delinea Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cloud Suite and Privilege Access Service– HTTP request smuggling vulnerability_CVE-2025-12811