Heimdall - Host Header Injection & Open Redirect
CVE-2025-50578
Verified
Description
LinuxServer.io Heimdall 2.6.3-ls307 contains a host header injection vulnerability caused by improper validation of the user-supplied HTTP headers `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can exploit it without any special privileges to perform host header injection and open redirect attacks.
Severity
Medium
Published Date
April 1, 2026
Template Author
dhiyaneshdk
CVE-2025-50578.yaml
id: CVE-2025-50578

info:
  name: Heimdall - Host Header Injection & Open Redirect
  author: DhiyaneshDk
  severity: medium
  description: |
    LinuxServer.io Heimdall 2.6.3-ls307 contains a host header injection caused by improper validation of user-supplied HTTP headers `X-Forwarded-Host` and `Referer`, letting unauthenticated remote attackers perform host header injection and open redirect attacks, exploit requires no special privileges.
  impact: |
    Unauthenticated attackers can redirect users to malicious sites, enabling phishing, UI redress, and session theft.
  remediation: |
    Update to the latest version of Heimdall.
  reference:
    - https://github.com/linuxserver/Heimdall/issues/1451
    - https://medium.com/@juanfelipeoz.rar/cve-2025-50578-exploiting-host-header-injection-open-redirect-in-heimdall-application-733afceff2ea
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"Heimdall"
  tags: cve,cve2025,heimdall,redirect,host-header,oos

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        X-Forwarded-Host: interact.sh

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script src="http://interact.sh/'
          - 'Heimdall'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c9868fe6b485b6358c63428e38a08fac5bac18904dacd998c54c85cc41e53b6802204cf05b3bff06fcbaeb3ceaa160d4bf27bf71bb5a3ae47bf764c793d4fba541e7:922c64590222798bb761d5b6d8e72950

Remediation Steps
Update to the latest version of Heimdall.
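The template above only matches the first sink, an absolute `<script src>` in the body that points at the injected host, and does not test the open-redirect half of the description. The following Python check is an added example, not part of the nuclei template or of Heimdall's own code: it rebuilds the template's request, reproduces its body matcher, and adds a redirect check against the `Location` header. It assumes a canary hostname `canary.example` in place of `interact.sh`; the function names are chosen here, and the sample responses are constructed, not captured from a real instance.

```python
import re
from urllib.parse import urlsplit

# Assumption: an attacker-controlled hostname standing in for interact.sh.
CANARY = "canary.example"


def build_request(target_host: str, canary: str = CANARY, path: str = "/") -> str:
    """Raw HTTP/1.1 request equivalent to the template's raw block."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {target_host}\r\n"
        f"X-Forwarded-Host: {canary}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )


def reflected_in_body(body: str, canary: str = CANARY) -> bool:
    """The template's body matcher: an absolute <script src> pointing at the
    injected host, on a page that identifies itself as Heimdall."""
    pattern = re.compile(
        r'<script\s+src="https?://' + re.escape(canary) + r"/", re.IGNORECASE
    )
    return pattern.search(body) is not None and "Heimdall" in body


def redirects_to_canary(headers: dict, canary: str = CANARY) -> bool:
    """Open-redirect check: a Location header whose parsed hostname equals the
    canary. Comparing the hostname rather than a substring avoids false
    positives such as http://canary.example.attacker.test/ and relative
    Location values, which never leave the origin."""
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if not location:
        return False
    host = urlsplit(location).hostname
    return host is not None and host.lower() == canary.lower()


def assess(status: int, headers: dict, body: str, canary: str = CANARY) -> dict:
    """Combine the checks the way the template does (status AND body), and add
    the redirect variant on 3xx responses."""
    return {
        "host_header_injection": status == 200 and reflected_in_body(body, canary),
        "open_redirect": 300 <= status < 400 and redirects_to_canary(headers, canary),
    }


# Constructed sample responses (not captured from a real Heimdall instance).
VULNERABLE_BODY = (
    "<html><head><title>Heimdall</title>"
    '<script src="http://canary.example/js/app.js"></script></head></html>'
)
PATCHED_BODY = (
    "<html><head><title>Heimdall</title>"
    '<script src="http://dash.internal/js/app.js"></script></head></html>'
)

if __name__ == "__main__":
    print(build_request("dash.internal"))
    print(assess(200, {}, VULNERABLE_BODY))
    print(assess(200, {}, PATCHED_BODY))
    print(assess(302, {"Location": "http://canary.example/login"}, ""))
```

Point the same request at a live target only with authorisation; the `assess` function takes the status, headers and body of whatever response comes back. A patched instance that only honours `X-Forwarded-Host` from a configured trusted proxy will keep emitting its real hostname in asset URLs and redirects, so both flags stay `False`.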