Cyber Resilience

CVE-2024-55930

Severity: Medium

Published: 23 January 2025

Modified: 30 January 2026
CVSS v3.1 base score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0028 (19.9th percentile)
Risk priority: 35 (floored blend, peak EPSS)

Summary

CVE-2024-55930 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in Xerox Workplace Suite. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010). The CVE ranks at the 19.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2024-55930 affects Xerox Workplace Suite, where weak default folder permissions (CWE-276) allow unauthorized users to access, modify, or delete files. The vulnerability received a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-23.

Exploitation requires local access (AV:L) and high privileges (PR:H), has low attack complexity (AC:L), and needs no user interaction (UI:N). A successful attacker can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U) by leveraging the improper permissions to manipulate sensitive files; the local-access and high-privilege preconditions are what keep the base score at 6.7 despite full impact on all three properties.

Xerox Security Bulletin XRX25-002 provides details on mitigations for Xerox Workplace Suite and is available at https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf.

Vulnerability details

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files

CWE(s): CWE-276 Incorrect Default Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.010 Services File Permissions Weakness (Stealth)
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
Why these techniques?

Weak default folder permissions (CWE-276) directly match File System Permissions Weakness, enabling local file access/modification/deletion.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-55925 (same product: Xerox Workplace Suite)
CVE-2024-55926 (same product: Xerox Workplace Suite)
CVE-2024-55927 (same product: Xerox Workplace Suite)
CVE-2024-55928 (same product: Xerox Workplace Suite)
CVE-2025-8356 (same vendor: Xerox)
CVE-2026-2252 (same vendor: Xerox)
CVE-2026-2251 (same vendor: Xerox)
CVE-2026-44468 (shared CWE-276)
CVE-2025-7024 (shared CWE-276)
CVE-2024-49732 (shared CWE-276)

Affected Assets

Vendor: xerox
Product: workplace suite
Versions: ≤ 5.6.701.9

Mitigating Controls (NIST 800-53 r5)

CM-6 Configuration Settings (prevent): Directly mandates establishing and implementing secure configuration settings for file system folder permissions to remediate weak defaults that allow unauthorized access, modification, or deletion.

AC-3 Access Enforcement (prevent): Enforces approved authorizations for logical access to system resources such as folders and files, preventing exploitation of weak permissions by unauthorized or overly privileged users.

AC-6 Least Privilege (prevent): Restricts privileges to the minimum necessary, limiting the set of high-privilege (PR:H) users who could exploit weak folder permissions to access or manipulate sensitive files.
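As an added defensive check (example code written for this page, not Xerox's or this tracker's own), the following Python parses an icacls-style ACL listing of a folder and flags allow entries that grant write, modify or delete rights to low-trust principals, which is the CWE-276 condition this CVE describes, then emits icacls commands that reduce each such grant to read/execute. The folder path and the listing are constructed placeholders, not values from the Xerox bulletin.

```python
import re
# Principals that stand for "any local user" rather than an administrator
# or the service account (constructed list for this example).
LOW_TRUST = {"everyone", "builtin\\users",
             "nt authority\\authenticated users", "nt authority\\interactive"}
# icacls simple and specific rights that allow write, modify or delete;
# read-only rights (R, RX, RD, RA, REA, X, S) are left alone.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "WEA", "WA", "DC", "DE", "WDAC", "WO"}
ACE_RE = re.compile(r"^(?P<principal>[^:]+?):(?P<tokens>(?:\([^)]*\))+)$")

def parse_ace(line, folder):
    """Return (principal, set of tokens) for one icacls ACE line, else None."""
    line = line.strip()
    if line.startswith(folder):          # first line also carries the folder path
        line = line[len(folder):].strip()
    m = ACE_RE.match(line)
    if not m:                            # blank line or the trailing summary line
        return None
    tokens = set()
    for group in re.findall(r"\(([^)]*)\)", m.group("tokens")):
        tokens.update(t.strip() for t in group.split(","))
    return m.group("principal"), tokens

def find_weak_aces(icacls_output, folder):
    """Allow ACEs that give write/modify/delete to low-trust principals."""
    weak = []
    for line in icacls_output.splitlines():
        parsed = parse_ace(line, folder)
        if parsed is None or "DENY" in parsed[1]:   # deny ACEs grant nothing
            continue
        principal, tokens = parsed
        granted = tokens & WRITE_RIGHTS
        if principal.lower() in LOW_TRUST and granted:
            weak.append((principal, frozenset(granted)))
    return weak

def remediation_commands(folder, weak):
    """icacls commands that replace each weak grant with read/execute only."""
    return [f'icacls "{folder}" /grant:r "{p}":(OI)(CI)RX' for p, _ in weak]

# Constructed sample listing; the folder is a placeholder, not a Xerox path.
SAMPLE_FOLDER = r"C:\ProgramData\ExampleApp\Data"
SAMPLE_ICACLS = r"""C:\ProgramData\ExampleApp\Data NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                               BUILTIN\Administrators:(OI)(CI)(F)
                               BUILTIN\Users:(OI)(CI)(M)
                               Everyone:(OI)(CI)(RX)
                               NT AUTHORITY\Authenticated Users:(DENY)(OI)(CI)(W)
Successfully processed 1 files; Failed processing 0 files
"""
```

Feed it the output of `icacls <folder>` for each data folder the bulletin covers; on the sample above only the BUILTIN\Users Modify grant is reported, since Everyone holds read/execute only and the Authenticated Users entry is a deny.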
