HTTP Request Smuggling Vulnerability in Quest Coexistence Manager for Notes
CVE-2025-12874

6.3MEDIUM

Key Information:

Vendor: Quest
Status: Coexistence Manager For Notes
Vendor: CVE Published:; 19 December 2025

What is CVE-2025-12874?

An inconsistency in the interpretation of HTTP requests within Quest Coexistence Manager for Notes, specifically in the Free/Busy Connector modules, creates a vulnerability to HTTP Request Smuggling. By exploiting methods related to Content-Length and Transfer-Encoding, attackers can potentially bypass security controls, poison web caches, hijack user sessions, or manipulate internal requests. This issue has been confirmed in version 3.8.2045, with other versions possibly affected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Coexistence Manager for Notes 3.8.2045

References

https://support.quest.com/coexistence-manager-for-notes/3.10

https://sra.io/advisories/

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 19, 2025
Vulnerability Reserved
Nov 7, 2025

Credit

Cam Lischke (SRA)

JSON

Quest