CVE-2025-12811

MEDIUM

Delinea Cloud Suite - HTTP Request Smuggling

Title source: llm

Description

Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions: * Server Suite release 2023.0.5 (agent version 6.0.0-158) * Server Suite release 2022.1.10 (agent version 5.9.1-337)

References (2)

[Various Sources] https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2

[Various Sources] https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83

Scores

CVSS v4 6.9

EPSS 0.0002

EPSS Percentile 5.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-444

Status published

Products (2)

Delinea Inc./Cloud Suite and Privileged Access Service 25.1 HF4 and earlier

Delinea Inc./Cloud Suite and Privileged Access Service 25.1 HF5

Published Feb 18, 2026

Tracked Since Feb 19, 2026