Quest Coexistence Manager for Notes 3.8.2045: HTTP Request Smuggling via CL/TE
CVE-2025-12874 Published on December 19, 2025
HTTP Request Smuggling in Quest Coexistence Manager for Notes
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests. This issue affects Coexistence Manager for Notes 3.8.2045. Other versions may also be affected.
Weakness Type
What is a HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2025-12874 has been classified to as a HTTP Request Smuggling vulnerability or weakness.
Products Associated with CVE-2025-12874
Want to know whenever a new CVE is published for Quest Software Coexistence Manager For Notes? stack.watch will email you.
Affected Versions
Quest Coexistence Manager for Notes Version 3.8.2045 is affected by CVE-2025-12874Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.