Open redirect via header injectoin. Is this a vulnerbility?

I’m working on a site and Ive found a few pages that vulnerable to open redirect when you add the
x-foward-host:evil.com it redirects to evil.com/index.php. Is this really a vulnerability. For this to be executed in the wild, the attacker would need to perform a MITM attack right? If the attacker was performing MITM they could redirect the victim to what ever site they want regardless of the vulnerable page, correct?

Is there anyway to inject a header with out mitm? I tried playing around with line returns, and http response splitting. Any advice would be much appreciated.

I think if attacker doing MITM it is not necessary for him to inject headers for redirecting a victim, he can force victim to visit vulnerable page much easier (simply change any server response to 302 redirect for example). So no, I think it is not security vulnerability.