Cyber Posture

CVE-2024-55925

Severity: High
Published: 23 January 2025
Modified: 28 February 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0008 (24.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-55925 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Xerox Workplace Suite. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 24.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 mandates validation of information inputs such as the Host header, directly preventing bypass of host-restricted APIs by ensuring the header matches the actual destination.

Prevent: AC-3 enforces approved authorizations for logical access to resources, mitigating unauthorized API access resulting from flawed Host header trust.

Prevent / Detect: SC-7 controls communications at system boundaries, enabling inspection and blocking of spoofed Host headers targeting restricted endpoints.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of public-facing Xerox Workplace Suite via Host header spoofing to bypass IP/hostname restrictions and access sensitive APIs (CWE-290).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.

Deeper analysis

CVE-2024-55925 is a vulnerability in Xerox Workplace Suite that allows bypass of an API restricted to specific hosts through manipulation of the Host header. The issue stems from improper validation of the Host header, where the server trusts the forged value without verifying the actual destination IP or hostname. This improper host validation (CWE-290) can expose sensitive API endpoints to unauthorized access.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is exploitable remotely over the network with low complexity, no privileges or user interaction required. An unauthenticated attacker can craft HTTP requests with a spoofed Host header to trick the server into granting access to restricted APIs, potentially leading to high confidentiality impacts such as disclosure of sensitive data hosted by the endpoints.
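To make the weakness described above concrete from the defender's side, the following added example (constructed for this page, not Xerox code) shows a host-restricted API gate written the way the NVD description warns about, beside a hardened version that decides on the listener address the server actually accepted the connection on and treats the Host header as untrusted input to be validated against a strict allowlist. The paths, networks, host names and requests are all assumptions made for illustration.

```python
# Added example (not Xerox code): weak vs. hardened gating of a host-restricted API.
# Every name, network and request below is constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy: the restricted API may only be reached through internal
# listener addresses, and the application only answers to these host names.
RESTRICTED_PREFIX = "/api/internal/"
INTERNAL_LISTENERS = [ip_network("127.0.0.0/8"), ip_network("10.0.0.0/8"), ip_network("::1/128")]
ALLOWED_HOST_NAMES = {"localhost", "wps-internal.example"}


@dataclass(frozen=True)
class Request:
    path: str
    host_header: str   # client-supplied, so attacker-controlled on an exposed listener
    dest_ip: str       # local address the TCP connection arrived on, read from the socket
    dest_port: int


def host_name_from_header(value: str) -> str:
    """Strip an optional port from a Host header value, handling IPv6 literals."""
    value = value.strip().lower()
    if value.startswith("["):          # e.g. "[::1]:8080"
        end = value.find("]")
        return value[1:end] if end > 0 else ""
    return value.split(":", 1)[0]


def weak_gate(req: Request) -> bool:
    """Vulnerable pattern (CWE-290): the Host header alone decides whether the
    request is 'internal'. Any client can send 'Host: localhost'. The same flaw
    applies to X-Forwarded-Host when a proxy does not strip it."""
    if not req.path.startswith(RESTRICTED_PREFIX):
        return True
    return host_name_from_header(req.host_header) in ALLOWED_HOST_NAMES


def hardened_gate(req: Request) -> str:
    """Return 'allow', 'deny' or 'bad_host'.

    1. Host header is validated (SI-10): an unrecognised value is refused before
       any routing decision, so it can never steer the server.
    2. The 'internal' decision (AC-3) uses the socket's destination address,
       which the client cannot forge, not anything in the request headers.
    """
    name = host_name_from_header(req.host_header)
    if name not in ALLOWED_HOST_NAMES and name != req.dest_ip.lower():
        return "bad_host"
    if not req.path.startswith(RESTRICTED_PREFIX):
        return "allow"
    dest = ip_address(req.dest_ip)
    if any(dest in net for net in INTERNAL_LISTENERS):
        return "allow"
    return "deny"


# Constructed traffic: one genuine internal call, one external call that
# spoofs the Host header, and one internal call with an unknown Host value.
CONSTRUCTED_REQUESTS = [
    Request("/api/internal/users", "localhost", "127.0.0.1", 8080),
    Request("/api/internal/users", "localhost", "203.0.113.10", 443),
    Request("/api/internal/users", "evil.example", "127.0.0.1", 8080),
]


def compare_gates(requests=CONSTRUCTED_REQUESTS):
    """Side-by-side verdicts, useful when reviewing a gate for this weakness."""
    return [(r.dest_ip, r.host_header, weak_gate(r), hardened_gate(r)) for r in requests]


if __name__ == "__main__":
    for dest, host, weak, hardened in compare_gates():
        print(f"dest={dest:<14} Host={host:<14} weak={weak!s:<5} hardened={hardened}")
```

The second constructed request is the case the advisory describes: the weak gate admits it because the Host header says "localhost", while the hardened gate denies it because the connection demonstrably arrived on an external address. Reading the destination from the socket rather than from headers is the check that the SI-10 and AC-3 mappings above point at.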

Xerox has published Security Bulletin XRX25-002 addressing this issue in Workplace Suite, available at https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf. Security practitioners should consult the bulletin for details on affected versions, patch availability, and recommended mitigations.

Details

CWE(s): CWE-290 (Authentication Bypass by Spoofing)

Affected Products: Xerox Workplace Suite ≤ 5.6.701.9

CVEs Like This One

CVE-2024-55927 (same product: Xerox Workplace Suite)
CVE-2024-55926 (same product: Xerox Workplace Suite)
CVE-2024-55928 (same product: Xerox Workplace Suite)
CVE-2024-55930 (same product: Xerox Workplace Suite)
CVE-2026-2252 (same vendor: Xerox)
CVE-2026-2251 (same vendor: Xerox)
CVE-2026-33661 (shared CWE-290)
CVE-2026-34457 (shared CWE-290)
CVE-2026-35622 (shared CWE-290)
CVE-2026-3902 (shared CWE-290)
