CVE-2025-50578

July 30, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-50578
Type cve
Published 2025-07-30T16:15:28
Last Seen 2025-07-30T16:55:08
Modified 2025-07-30T16:15:28

CVSS Information

Base Score 9.8 (CRITICAL)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Additional Information

CVE List CVE-2025-50578
CWE List CWE-601, CWE-20, CWE-74
Bulletin Family cve

Description

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection…

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.