CVE-2025-0178 MEDIUM

CVE-2025-0178: WatchGuard Firebox Host Header Injection Vulnerability

Vendor WatchGuard
Product Fireware OS
Weakness CWE-20 · Input validation
Published February 14, 2025
Last update February 14, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. This issue affects Fireware OS: from 12.0 up to and including 12.11.
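
The class of flaw described above, as an added example that is not WatchGuard's code or part of this record: a handler that copies the Host header into a generated URL, beside a version that accepts exactly one allowlisted Host value and builds links from configuration. The host names, ports, origin and function names are assumptions chosen for illustration.

```python
import re

# Assumed deployment values (constructed): names the Web UI is legitimately reached by.
ALLOWED_HOSTS = {"firebox.example.internal", "192.0.2.10"}
ALLOWED_PORTS = {None, 443, 8080}
CANONICAL_ORIGIN = "https://firebox.example.internal:8080"

# host[:port] only; whitespace, quotes, angle brackets, '/', '@' never match.
# IPv6 literals are not handled here.
_HOST_RE = re.compile(r"([A-Za-z0-9.-]{1,253})(?::([0-9]{1,5}))?")


def unsafe_absolute_url(headers, path):
    """Vulnerable pattern: the client-supplied Host value is copied into the response."""
    host = next((v for k, v in headers if k.lower() == "host"), "")
    return "https://" + host + path


def validated_host(headers):
    """Return normalised 'host[:port]' when exactly one allowlisted Host is present, else None."""
    values = [v for k, v in headers if k.lower() == "host"]
    if len(values) != 1:                      # missing or duplicated Host header
        return None
    m = _HOST_RE.fullmatch(values[0].strip())
    if m is None:                             # characters outside host[:port]
        return None
    host = m.group(1).lower().rstrip(".")
    port = int(m.group(2)) if m.group(2) else None
    if host not in ALLOWED_HOSTS or port not in ALLOWED_PORTS:
        return None
    return host if port is None else f"{host}:{port}"


def safe_absolute_url(headers, path):
    """Hardened pattern: Host only gates the request; links come from configuration."""
    if validated_host(headers) is None:
        raise ValueError("rejected Host header")   # a handler would answer 400
    return CANONICAL_ORIGIN + path
```

Because the hardened form never echoes the header, a response stored by a shared cache carries the same links regardless of what Host value the request presented.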

Key dates

02 Disclosure timeline

February 14, 2025 CVE published
February 14, 2025 Record updated