CVE-2025-50578
Heimdall 2.6.3-ls307 (LinuxServer.io) contains a vulnerability in handling user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirects, enabling loading of external resou...
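A defensive check for the two headers named above, as an added example (it is not Heimdall's code or its fix): `X-Forwarded-Host` is honoured only from a known reverse proxy and only if it names an allowlisted host, and a `Referer`-derived redirect is reduced to a same-origin path. The host name, proxy address, function names and the plain-dict header model are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed deployment values (assumptions, not taken from the advisory).
ALLOWED_HOSTS = {"heimdall.example.internal"}
TRUSTED_PROXIES = {"10.0.0.5"}


def effective_host(headers, peer_ip):
    """Return the allowlisted host to build absolute URLs with, or None.

    `headers` is a plain dict with canonical header names (assumption).
    A None result means the request should be rejected, e.g. with HTTP 400.
    """
    raw = headers.get("Host", "")
    fwd = headers.get("X-Forwarded-Host")
    # Only the reverse proxy may override Host; a direct client may not.
    if fwd and peer_ip in TRUSTED_PROXIES:
        raw = fwd.split(",")[0].strip()
    try:
        name = urlsplit("//" + raw).hostname  # drops port, lowercases
    except ValueError:
        return None
    return name if name in ALLOWED_HOSTS else None


def safe_redirect_target(referer, host, default="/"):
    """Turn a Referer value into a same-origin relative path, else `default`."""
    if not referer:
        return default
    try:
        parts = urlsplit(referer)
    except ValueError:
        return default
    if parts.scheme not in ("http", "https") or parts.hostname != host:
        return default
    path = parts.path or "/"
    # "//host" and backslash forms are treated as off-site by browsers.
    if path.startswith("//") or "\\" in path:
        return default
    return path + ("?" + parts.query if parts.query else "")
```

Returning only a relative path means a redirect can never carry a scheme or authority chosen by the client.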