CVE-2025-0178

Medium CVSS: 5.1

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI.
This issue affects Fireware OS: from 12.0 up to and including 12.11.

Vendor

Watchguard

Product

Fireware

CWE

CWE-20

Yayın Tarihi

2025-02-14 14:15:32

Güncelleme

2026-03-02 19:07:18

Source Identifier

5d1c2695-1a31-4499-88ae-e847036fd7e3

KEV Date Added

Kategoriler

CWE-20 Fireware MEDIUM Watchguard 2025

Referanslar

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00003

Benzer Kayıtlar

Medium

CVE-2026-3343

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript…

Medium

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and…

High

CVE-2026-3342

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to ex…

Critical

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute ar…

Medium

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard…

Medium

CVE-2025-13939

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard…