CVE-2025-0178

EPSS 0.14%
Published 14.02.2025 14:15:32
Last modified 14.02.2025 14:15:32
Source 5d1c2695-1a31-4499-88ae-e84703
Teams watchlist Login
Open Login

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI.
This issue affects Fireware OS: from 12.0 up to and including 12.11.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorWatchGuard

≫

Product Fireware OS

Default Statusunaffected

Version <= 12.5.12+701324

Version 12.0

Status affected

Version <= 12.11

Version 12.6.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.349

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
5d1c2695-1a31-4499-88ae-e847036fd7e3	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00003

https://nvd.nist.gov/vuln/detail/CVE-2025-0178

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0178

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0178

EUVD