← Back

CVE-2024-55925

nvd nist
Published: Jan 23, 2025Modified: Feb 28, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: 10b61619-3869-496c-8a1e-f291b0e71e3f (Secondary)

Description

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.

Affected (1)

Xerox
1 product
Workplace Suite
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Workplace Suite
Before 5.6.701.9

Related CWEs

CWE-290
Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (1)

Source: 10b61619-3869-496c-8a1e-f291b0e71e3f
Vendor Advisory

Timeline

No history available yet.