Home / Security updates / Delinea Cloud Suite and Privileged Access Service – HTTP Request Smuggling vulnerability - CVE-2025-12811
Delinea Cloud Suite and Privileged Access Service – HTTP Request Smuggling vulnerability - CVE-2025-12811
Security updates detail rendered from /security-updates/upd_2211aad63cb6786c.
Overview
| ID | upd_2211aad63cb6786c |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Delinea |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_2211aad63cb6786c |
| providerId | safebase |
| organizationId | org_a3ee621a755352d9 |
| trustCenterId | tc_c2a1aa0eb7eda998 |
| title | Delinea Cloud Suite and Privileged Access Service – HTTP Request Smuggling vulnerability - CVE-2025-12811 |
| message | Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions: Server Suite release 2023.0.5 (agent version 6.0.0-158), or Server Suite release 2022.1.10 (agent version 5.9.1-337). **Affected Product and Version** Delinea Cloud Suite and Privileged Access Service version 25.1 HF4 and earlier **Resolution** Upgrade to version 25.1 HF5 or later **CVE Details** - CVE ID: CVE-2025-12811 - Published Date: Februrary 18, 2026 - Vulnerability Type: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') - CWE: 444 - CVSS v4.0 Score: 6.9 - CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
| url | - |
| publishedAt | 2026-02-18 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_a3ee621a755352d9",
"name": "Delinea",
"domains": [
"trust.delinea.com",
"delinea.com"
]
} |
| trust_center | {
"id": "tc_c2a1aa0eb7eda998",
"name": "Delinea",
"url": "https://trust.delinea.com",
"host": "trust.delinea.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_2211aad63cb6786c",
"company": "/v1/companies/org_a3ee621a755352d9",
"trust_center": "/v1/trust-centers/tc_c2a1aa0eb7eda998",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_2211aad63cb6786cJSON