CVE-2020-25901

MEDIUM

Spiceworks 7.5.7.0 - Open Redirect via Host Header Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25901. PoCs published by Ramikan.

AI-analyzed exploit summary This exploit demonstrates a Host Header Injection vulnerability in Spiceworks 7.5.7.0, allowing an attacker to manipulate the Host header to redirect users to arbitrary domains. The PoC includes HTTP requests and responses showing the injection and subsequent redirection.

Description

Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

Exploits (1)

exploitdb WORKING POC

by Ramikan · textwebappswindows

https://www.exploit-db.com/exploits/49299

View Code ZIP pw:eip

This exploit demonstrates a Host Header Injection vulnerability in Spiceworks 7.5.7.0, allowing an attacker to manipulate the Host header to redirect users to arbitrary domains. The PoC includes HTTP requests and responses showing the injection and subsequent redirection.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Spiceworks 7.5.7.0

No auth needed

Prerequisites: Network access to the target Spiceworks instance

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Ramikan/Vulnerabilities/blob/master/Spiceworks%20version%207.5%20HTTP%20Header%20Injection

View Exploit ZIP pw:eip

Exploit, Technical Description, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/160631/Spiceworks-7.5-HTTP-Header-Injection.html

Exploit, Vendor Advisory x_refsource_misc

https://frontend.spiceworks.com/topic/2309457-desktop-host-header-injection-vulnerability

Scores

CVSS v3 6.1

EPSS 0.0508

EPSS Percentile 91.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (1)

spiceworks/spiceworks 7.5.7.0

Published Dec 18, 2020

Tracked Since Feb 18, 2026