{"id":"CVE-2025-50578","details":"LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading of external resources from attacker-controlled domains and unintended redirection of users, potentially enabling phishing, UI redress, and session theft. The vulnerability exists due to insufficient validation of, and misplaced trust in, untrusted input, affecting the integrity and trustworthiness of the application.","modified":"2026-04-10T05:30:04.143267Z","published":"2025-07-30T16:15:28.177Z","references":[{"type":"REPORT","url":"https://github.com/linuxserver/Heimdall/issues/1451"},{"type":"PACKAGE","url":"https://github.com/linuxserver/Heimdall"},{"type":"EVIDENCE","url":"https://medium.com/@juanfelipeoz.rar/cve-2025-50578-exploiting-host-header-injection-open-redirect-in-heimdall-application-733afceff2ea"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/linuxserver/docker-heimdall","events":[{"introduced":"0"},{"last_affected":"35f6b1f6d8d59f10acd52c83d5f9d9fef65c0445"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.3-ls307"}]}}],"versions":["1","1.4.17-pkg-08cae2ca-ls1","1.4.17-pkg-08cae2ca-ls2","1.4.17-pkg-08cae2ca-ls3","1.4.17-pkg-08cae2ca-ls4","1.4.17-pkg-08cae2ca-ls5","10","11","12","13","14","15","16","17","18","19","2","2.0.0-pkg-08cae2ca-ls5","2.0.1-pkg-08cae2ca-ls5","2.0.1-pkg-08cae2ca-ls6","2.0.2-pkg-08cae2ca-ls6","2.0.3-pkg-08cae2ca-ls6","2.0.3-pkg-08cae2ca-ls7","2.0.3-pkg-852a93c4-ls8","2.0.3-pkg-b25d9331-ls9","2.1.1-pkg-b25d9331-ls9","2.1.10-pkg-a3f4a643-ls14","2.1.11-pkg-1ae4109c-ls15","2.1.12-pkg-1ae4109c-ls15","2.1.12-pkg-1ae4109c-ls16","2.1.12-pkg-1ae4109c-ls17","2.1.12-pkg-36522071-ls18","2.1.12-pkg-36522071-ls19","2.1.12-pkg-7064d85d-ls23","2.1.12-pkg-905c8c63-ls21","2.1.12-pkg-af4
4ce28-ls20","2.1.12-pkg-c11a3ec1-ls22","2.1.13-ls41","2.1.13-ls42","2.1.13-ls43","2.1.13-ls44","2.1.13-ls45","2.1.13-pkg-0bfb028c-ls30","2.1.13-pkg-22b14c33-ls28","2.1.13-pkg-2d9b1002-ls34","2.1.13-pkg-327c9608-ls29","2.1.13-pkg-33e2ab22-ls35","2.1.13-pkg-3f3f92cf-ls33","2.1.13-pkg-60abd87f-ls26","2.1.13-pkg-60abd87f-ls27","2.1.13-pkg-6afe4b06-ls25","2.1.13-pkg-7064d85d-ls24","2.1.13-pkg-b5d1419d-ls39","2.1.13-pkg-d05c401f-ls36","2.1.13-pkg-d05c401f-ls37","2.1.13-pkg-d05c401f-ls38","2.1.13-pkg-d5c6327c-ls31","2.1.13-pkg-d5c6327c-ls32","2.1.13-pkg-f1f127e3-ls40","2.1.2-pkg-b25d9331-ls9","2.1.3-pkg-91878415-ls10","2.1.3-pkg-91878415-ls11","2.1.4-pkg-91878415-ls11","2.1.4-pkg-91878415-ls12","2.1.4-pkg-91878415-ls13","2.1.4-pkg-91878415-ls14","2.1.5-pkg-91878415-ls14","2.1.6-pkg-91878415-ls14","2.1.7-pkg-91878415-ls14","2.1.8-pkg-91878415-ls14","2.1.9-pkg-a3f4a643-ls14","2.2.0-ls45","2.2.0-ls46","2.2.1-ls47","2.2.2-ls100","2.2.2-ls101","2.2.2-ls102","2.2.2-ls103","2.2.2-ls104","2.2.2-ls105","2.2.2-ls106","2.2.2-ls107","2.2.2-ls108","2.2.2-ls109","2.2.2-ls110","2.2.2-ls111","2.2.2-ls112","2.2.2-ls113","2.2.2-ls114","2.2.2-ls115","2.2.2-ls116","2.2.2-ls117","2.2.2-ls118","2.2.2-ls119","2.2.2-ls120","2.2.2-ls121","2.2.2-ls122","2.2.2-ls123","2.2.2-ls124","2.2.2-ls125","2.2.2-ls126","2.2.2-ls127","2.2.2-ls128","2.2.2-ls129","2.2.2-ls130","2.2.2-ls131","2.2.2-ls132","2.2.2-ls133","2.2.2-ls134","2.2.2-ls135","2.2.2-ls136","2.2.2-ls137","2.2.2-ls138","2.2.2-ls139","2.2.2-ls140","2.2.2-ls141","2.2.2-ls142","2.2.2-ls143","2.2.2-ls144","2.2.2-ls145","2.2.2-ls146","2.2.2-ls148","2.2.2-ls149","2.2.2-ls150","2.2.2-ls151","2.2.2-ls152","2.2.2-ls153","2.2.2-ls154","2.2.2-ls155","2.2.2-ls156","2.2.2-ls157","2.2.2-ls158","2.2.2-ls159","2.2.2-ls160","2.2.2-ls47","2.2.2-ls48","2.2.2-ls49","2.2.2-ls50","2.2.2-ls51","2.2.2-ls52","2.2.2-ls53","2.2.2-ls54","2.2.2-ls55","2.2.2-ls56","2.2.2-ls57","2.2.2-ls58","2.2.2-ls59","2.2.2-ls60","2.2.2-ls61","2.2.2-ls62","2.2.2-ls63","2.2.2-ls64","2.2.2-l
s65","2.2.2-ls66","2.2.2-ls67","2.2.2-ls68","2.2.2-ls69","2.2.2-ls70","2.2.2-ls71","2.2.2-ls72","2.2.2-ls73","2.2.2-ls74","2.2.2-ls75","2.2.2-ls76","2.2.2-ls77","2.2.2-ls78","2.2.2-ls79","2.2.2-ls80","2.2.2-ls81","2.2.2-ls82","2.2.2-ls83","2.2.2-ls84","2.2.2-ls85","2.2.2-ls86","2.2.2-ls87","2.2.2-ls88","2.2.2-ls89","2.2.2-ls90","2.2.2-ls91","2.2.2-ls92","2.2.2-ls93","2.2.2-ls94","2.2.2-ls95","2.2.2-ls96","2.2.2-ls97","2.2.2-ls98","2.2.2-ls99","20","21","22","23","24","25","26","27","28","29","3","30","31","32","33","34","35","36","37","38","39","4","40","41","42","43","44","45","46","47","48","49","5","50","51","52","53","54","55","56","57","58","59","6","60","61","62","63","64","65","66","67","68","69","7","70","71","72","73","74","75","76","77","8","9","V2.4.5-ls164","V2.5.8-ls238","V2.5.8-ls239","V2.5.8-ls240","V2.5.8-ls241","V2.5.8-ls242","V2.5.8-ls243","V2.5.8-ls244","V2.5.8-ls245","V2.5.8-ls246","V2.5.8-ls247","V2.5.8-ls248","V2.5.8-ls249","V2.5.8-ls250","V2.5.8-ls251","V2.5.8-ls252","v2.3.0-ls161","v2.3.1-ls161","v2.3.1-ls162","v2.3.1-ls163","v2.3.2-ls163","v2.4.0-ls164","v2.4.1-ls164","v2.4.10-ls166","v2.4.10-ls167","v2.4.11-ls167","v2.4.12-ls167","v2.4.12-ls168","v2.4.12-ls169","v2.4.12-ls170","v2.4.12-ls171","v2.4.12-ls172","v2.4.12-ls173","v2.4.12-ls174","v2.4.12-ls175","v2.4.12-ls176","v2.4.13-ls176","v2.4.13-ls177","v2.4.13-ls178","v2.4.13-ls179","v2.4.13-ls180","v2.4.13-ls181","v2.4.13-ls182","v2.4.13-ls183","v2.4.13-ls184","v2.4.13-ls185","v2.4.13-ls186","v2.4.13-ls187","v2.4.13-ls188","v2.4.13-ls189","v2.4.13-ls190","v2.4.14-ls191","v2.4.15-ls191","v2.4.15-ls192","v2.4.15-ls193","v2.4.15-ls194","v2.4.2-ls164","v2.4.3-ls164","v2.4.4-ls164","v2.4.6-ls164","v2.4.7b-ls165","v2.4.8-ls165","v2.4.9-ls166","v2.5.0-ls194","v2.5.1-ls194","v2.5.1-ls195","v2.5.2-ls195","v2.5.2-ls196","v2.5.3-ls196","v2.5.3-ls197","v2.5.4-ls197","v2.5.4-ls198","v2.5.5-ls198","v2.5.5-ls199","v2.5.5-ls200","v2.5.5-ls201","v2.5.5-ls202","v2.5.5-ls203","v2.5.5-ls204","v2.5.5-ls205","
v2.5.5-ls206","v2.5.6-ls207","v2.5.6-ls208","v2.5.6-ls209","v2.5.6-ls210","v2.5.6-ls211","v2.5.6-ls212","v2.5.6-ls213","v2.5.6-ls214","v2.5.6-ls215","v2.5.6-ls216","v2.5.6-ls217","v2.5.6-ls218","v2.5.6-ls219","v2.5.6-ls220","v2.5.6-ls221","v2.5.6-ls222","v2.5.6-ls223","v2.5.6-ls224","v2.5.6-ls225","v2.5.6-ls226","v2.5.6-ls227","v2.5.6-ls228","v2.5.6-ls229","v2.5.6-ls230","v2.5.6-ls231","v2.5.6-ls232","v2.5.6-ls233","v2.5.6-ls234","v2.5.6-ls235","v2.5.6-ls236","v2.5.7-ls236","v2.5.7-ls237","v2.5.7-ls238","v2.6.0-ls253","v2.6.1-ls253","v2.6.1-ls254","v2.6.1-ls255","v2.6.1-ls256","v2.6.1-ls257","v2.6.1-ls258","v2.6.1-ls259","v2.6.1-ls260","v2.6.1-ls261","v2.6.1-ls262","v2.6.1-ls263","v2.6.1-ls264","v2.6.1-ls265","v2.6.1-ls266","v2.6.1-ls267","v2.6.1-ls268","v2.6.1-ls269","v2.6.1-ls270","v2.6.1-ls271","v2.6.1-ls272","v2.6.1-ls273","v2.6.1-ls274","v2.6.1-ls275","v2.6.1-ls276","v2.6.1-ls277","v2.6.1-ls278","v2.6.1-ls279","v2.6.1-ls280","v2.6.1-ls281","v2.6.1-ls282","v2.6.1-ls283","v2.6.1-ls284","v2.6.1-ls285","v2.6.1-ls286","v2.6.1-ls287","v2.6.2-ls287","v2.6.3-ls287","v2.6.3-ls288","v2.6.3-ls289","v2.6.3-ls290","v2.6.3-ls291","v2.6.3-ls292","v2.6.3-ls293","v2.6.3-ls294","v2.6.3-ls295","v2.6.3-ls296","v2.6.3-ls297","v2.6.3-ls298","v2.6.3-ls299","v2.6.3-ls300","v2.6.3-ls301","v2.6.3-ls302","v2.6.3-ls303","v2.6.3-ls304","v2.6.3-ls305","v2.6.3-ls306","v2.6.3-ls307"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50578.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}