1. Home
  2. CVE Database
  3. CVE-2025-0178
MEDIUM · 6.1

CVE-2025-0178

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vuln...

Vulnerability Description

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. This issue affects Fireware OS: from 12.0 up to and including 12.11.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
WatchguardFireware>= 12.5, < 12.5.13
WatchguardFirebox T15All versions
WatchguardFirebox T35All versions
WatchguardFirebox M270All versions
WatchguardFirebox M290All versions
WatchguardFirebox M370All versions
WatchguardFirebox M390All versions
WatchguardFirebox M440All versions
WatchguardFirebox M4600All versions
WatchguardFirebox M470All versions
WatchguardFirebox M4800All versions
WatchguardFirebox M5600All versions
WatchguardFirebox M570All versions
WatchguardFirebox M5800All versions
WatchguardFirebox M590All versions
WatchguardFirebox M670All versions
WatchguardFirebox M690All versions
WatchguardFirebox Nv5All versions
WatchguardFirebox T20All versions
WatchguardFirebox T25All versions

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2025-0178?

CVE-2025-0178 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vuln...

How severe is CVE-2025-0178?

CVE-2025-0178 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-0178?

Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox T15, Watchguard Firebox T35, Watchguard Firebox M270, Watchguard Firebox M290.