CVE-2025-41082

Published: Jan 26, 2026

Modified: Jan 26, 2026

PUBLISHED

Description

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.

Vendor	Product	Versions
Altitude	Altitude Communication Server	affected `all versions`

Weaknesses (CWE)

CWE-444

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-altitude-communication-server

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41082

Description

Affected Products

Weaknesses (CWE)

References