CVE-2025-12874

MEDIUM

Quest Coexistence Manager for Notes <3.8.2045 - SSRF

Title source: llm

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests. This issue affects Coexistence Manager for Notes 3.8.2045. Other versions may also be affected.

References (2)

[Various Sources] https://support.quest.com/coexistence-manager-for-notes/3.10

[Various Sources] https://sra.io/advisories/

Scores

CVSS v4 6.3

EPSS 0.0013

EPSS Percentile 32.6%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-444

Status published

Products (1)

Quest/Coexistence Manager for Notes 3.8.2045

Published Dec 19, 2025

Tracked Since Feb 18, 2026