CVE-2025-41082
Unknown Unknown - Not Provided
HTTP Request Desynchronization Vulnerability in Altitude Server

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41082
EUVD
EUVD-2025-206375
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
altitude communication_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

No solution or mitigation steps have been reported yet for this vulnerability. [1]

Impact Analysis

The vulnerability can impact you by allowing attackers to hide malicious requests, poison caches, or bypass security controls. This can lead to unauthorized access, data manipulation, or other security breaches within the affected system. [1]

Executive Summary

This vulnerability occurs in the Altitude Communication Server due to improper handling of multiple HTTP requests sent over a single Keep-Alive connection using Content-Length headers. The server inconsistently analyzes these requests, causing a desynchronization between frontend and backend servers. This desynchronization can lead to issues such as request hiding, cache poisoning, or security bypass. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41082. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart