
CVE-2024-55925

Severity: High
Published: 23 January 2025
Modified: 28 February 2026
KEV Added: not listed
Patch: see Xerox Security Bulletin XRX25-002
CVSS v3.1 base score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0008 (24.6th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-55925 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Xerox Workplace Suite, with a CVSS v3.1 base score of 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 24.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-55925 is a vulnerability in Xerox Workplace Suite that allows an API restricted to specific hosts to be reached by manipulating the HTTP Host header. The server treats the client-supplied Host value as evidence of where a request came from, without verifying the actual destination IP or hostname of the connection; because any client can set that header to an arbitrary value, the host restriction can be bypassed. This improper host validation is classified as CWE-290 (Authentication Bypass by Spoofing) and can expose sensitive API endpoints to unauthorized access.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): it is exploitable remotely over the network with low attack complexity, requires no privileges or user interaction, and in the vector affects confidentiality only (no integrity or availability impact). An unauthenticated attacker can send HTTP requests with a spoofed Host header, for example one naming an allow-listed host, to make the server grant access to the restricted APIs and disclose the sensitive data they serve.
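The following Python example is added here to illustrate the CWE-290 pattern; it is not Xerox code and is not derived from the bulletin. The hostnames, the trusted network and the request shape are assumptions. It contrasts a check that authorises from the Host header (bypassable from anywhere on the Internet) with one that authorises from the TCP connection's real peer address and treats Host purely as input to validate.

```python
# Added illustration of the CWE-290 pattern behind CVE-2024-55925. This is not
# Xerox code; the hostnames, networks and request shape below are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Dict

# Hypothetical deployment values.
TRUSTED_PEER_NETS = [ipaddress.ip_network("10.10.0.0/16")]          # where admin clients live
CANONICAL_HOSTS = {"wps.example.internal", "localhost", "127.0.0.1", "::1"}  # names this server answers to
LOOPBACK_HOST_NAMES = {"localhost", "127.0.0.1", "::1"}             # what the weak check trusts


@dataclass
class Request:
    headers: Dict[str, str]  # HTTP headers as received; the client controls every value
    peer_ip: str             # remote address of the TCP connection; a header cannot change it


def host_header(req: Request) -> str:
    """Normalise the Host header: case-insensitive name, optional port, IPv6 brackets."""
    raw = next((v for k, v in req.headers.items() if k.lower() == "host"), "").strip()
    if raw.startswith("["):                       # e.g. [::1]:8080
        return raw[1:].split("]", 1)[0].lower()
    return raw.split(":", 1)[0].lower()


def allowed_vulnerable(req: Request) -> bool:
    """The bypassable check: grants the host-restricted API to whoever *claims* to be local."""
    return host_header(req) in LOOPBACK_HOST_NAMES


def allowed_hardened(req: Request) -> bool:
    """Decide from the connection (AC-3), validate the header as input (SI-10)."""
    # 1. Authorisation is bound to the real peer address of the socket.
    peer = ipaddress.ip_address(req.peer_ip)
    if not (peer.is_loopback or any(peer in net for net in TRUSTED_PEER_NETS)):
        return False
    # 2. Host must name this service, but it is never the reason access is granted.
    #    A production server answers 400 here instead of routing the request.
    return host_header(req) in CANONICAL_HOSTS


# Constructed requests: an Internet client forging Host, a genuine local client,
# and an internal client using the published service name with a port.
SPOOFED = Request(headers={"Host": "localhost"}, peer_ip="203.0.113.7")
GENUINE = Request(headers={"Host": "localhost"}, peer_ip="127.0.0.1")
INTERNAL = Request(headers={"Host": "wps.example.internal:443"}, peer_ip="10.10.4.2")


def demo() -> Dict[str, bool]:
    return {
        "spoofed/vulnerable": allowed_vulnerable(SPOOFED),   # True: the bypass
        "spoofed/hardened": allowed_hardened(SPOOFED),       # False
        "genuine/hardened": allowed_hardened(GENUINE),       # True
        "internal/hardened": allowed_hardened(INTERNAL),     # True
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} -> {'allowed' if verdict else 'denied'}")
```

The only difference that matters is which fact the decision is made from: the Host header is a string the client typed, while the peer address comes from the kernel's view of the TCP connection. Any check that can be satisfied by editing a request header is, by construction, satisfiable by an unauthenticated remote client.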

Xerox has published Security Bulletin XRX25-002 addressing this issue in Workplace Suite, available at https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf. Security practitioners should consult the bulletin for details on affected versions, patch availability, and recommended mitigations.


Vulnerability details

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.

CWE(s)

CWE-290 Authentication Bypass by Spoofing

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of public-facing Xerox Workplace Suite via Host header spoofing to bypass IP/hostname restrictions and access sensitive APIs (CWE-290).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55927 (same product: Xerox Workplace Suite)
CVE-2024-55926 (same product: Xerox Workplace Suite)
CVE-2024-55930 (same product: Xerox Workplace Suite)
CVE-2024-55928 (same product: Xerox Workplace Suite)
CVE-2026-2252 (same vendor: Xerox)
CVE-2026-2251 (same vendor: Xerox)
CVE-2026-0834 (shared CWE-290)
CVE-2026-33131 (shared CWE-290)
CVE-2026-24372 (shared CWE-290)
CVE-2025-27671 (shared CWE-290)

Affected Assets

Xerox Workplace Suite, versions ≤ 5.6.701.9

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): mandates validation of information inputs such as the Host header. Rejecting any request whose Host header does not name this server, and never using the header as the basis for an access decision, directly prevents bypass of host-restricted APIs.

AC-3 Access Enforcement (prevent): enforces approved authorizations for logical access to resources. Binding the API's authorization to an authenticated identity or to the connection's real source address, rather than to a client-supplied header, mitigates the unauthorized API access that flawed Host header trust allows.

SC-7 Boundary Protection (prevent, detect): controls communications at system boundaries. A reverse proxy or WAF in front of the suite can refuse requests whose Host header does not match the published service name and log those it refuses, blocking spoofed Host headers aimed at restricted endpoints and surfacing attempts for the SOC.
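For the detect side of SC-7, the following Python example is added here (it is not Xerox tooling) to show the check a boundary device or log pipeline can run: flag requests to the host-restricted API whose Host header claims a loopback name while the TCP peer sits outside the trusted networks. The JSON-lines access log, the trusted networks and the restricted path prefix are constructed for the example; map the fields to whatever your proxy or WAF actually emits.

```python
# Added detection example (not Xerox tooling). Finds requests whose Host header
# claims to be local while the real peer is external. The log format, networks
# and restricted path prefix below are constructed assumptions.
import ipaddress
import json
from typing import Dict, Iterable, List

TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "127.0.0.0/8", "::1/128")]
LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}   # Host values that assert "I am local"
RESTRICTED_PREFIX = "/api/internal/"             # hypothetical host-restricted API

# Constructed JSON-lines access log: one record per request, peer = TCP remote address.
SAMPLE_LOG = """
{"ts":"2025-01-24T09:12:01Z","peer":"10.10.4.2","host":"wps.example.internal","path":"/api/internal/users","status":200}
{"ts":"2025-01-24T09:12:07Z","peer":"203.0.113.7","host":"localhost","path":"/api/internal/users","status":200}
{"ts":"2025-01-24T09:12:09Z","peer":"203.0.113.7","host":"[::1]:443","path":"/api/internal/config","status":200}
{"ts":"2025-01-24T09:13:44Z","peer":"198.51.100.9","host":"wps.example.internal","path":"/login","status":302}
{"ts":"2025-01-24T09:14:02Z","peer":"127.0.0.1","host":"localhost","path":"/api/internal/users","status":200}
""".strip().splitlines()


def norm_host(value: str) -> str:
    """Lower-case the Host value and drop the port, handling bracketed IPv6 literals."""
    value = value.strip().lower()
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    return value.split(":", 1)[0]


def is_trusted_peer(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_host_spoofing(lines: Iterable[str]) -> List[Dict]:
    """Return log records where an untrusted peer presented a local-sounding Host to the restricted API."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if not rec["path"].startswith(RESTRICTED_PREFIX):
            continue
        if norm_host(rec["host"]) in LOCAL_NAMES and not is_trusted_peer(rec["peer"]):
            hits.append({**rec, "reason": "loopback Host from external peer"})
    return hits


if __name__ == "__main__":
    for h in find_host_spoofing(SAMPLE_LOG):
        print(f"{h['ts']} {h['peer']} Host={h['host']} {h['path']} -> {h['reason']}")
```

The rule deliberately ignores the response status: a 200 on a flagged record is evidence the bypass worked on an unpatched instance, while a 400 or 444 shows the boundary control is doing its job, and both are worth seeing. Run it against historical logs to scope exposure before and after applying XRX25-002.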

References

Xerox Security Bulletin XRX25-002 for Xerox Workplace Suite: https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf