CVE-2025-12812

MEDIUM

Delinea Cloud Suite - SQL Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1

References (2)

Core 2

Core References

Various Sources

https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm

Various Sources

https://trust.delinea.com/?tcuUid=9681f2f0-f9b2-4c7a-abc6-1fcd65c34f46

Scores

CVSS v4 5.3

EPSS 0.0027

EPSS Percentile 17.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

Delinea Inc./Cloud Suite and Privileged Access Service 23.1.2 and earlier

Delinea Inc./Cloud Suite and Privileged Access Service 25.1 and above

Published Feb 18, 2026

Tracked Since Feb 19, 2026