PT-2026-4739 · Unknown · Altitude Authentication Service+1
Published
2026-01-26
·
Updated
2026-01-26
·
CVE-2025-41083
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Altitude Authentication Service and Altitude Communication Server version 8.5.3290.0
Description
A flaw exists in Altitude Authentication Service and Altitude Communication Server version 8.5.3290.0 that allows manipulation of the Host header in HTTP requests. This manipulation can lead to redirection to an arbitrary URL or modification of the base URL, potentially tricking users into submitting login credentials to a malicious website controlled by an attacker. The issue involves redirecting clients to attacker-controlled endpoints. The
Host header is the vulnerable parameter.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Altitude Authentication Service
Altitude Communication Server