CVE-2025-41082
Unknown Unknown - Not Provided

HTTP Request Desynchronization Vulnerability in Altitude Server

Vulnerability report for CVE-2025-41082, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
altitude communication_server *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The vulnerability can impact you by allowing attackers to hide malicious requests, poison caches, or bypass security controls. This can lead to unauthorized access, data manipulation, or other security breaches within the affected system. [1]

Executive Summary

This vulnerability occurs in the Altitude Communication Server due to improper handling of multiple HTTP requests sent over a single Keep-Alive connection using Content-Length headers. The server inconsistently analyzes these requests, causing a desynchronization between frontend and backend servers. This desynchronization can lead to issues such as request hiding, cache poisoning, or security bypass. [1]

Mitigation Strategies

No solution or mitigation steps have been reported yet for this vulnerability. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41082. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart