CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-55925: API Security bypass through header manipulation

6.5 CVSS

Description

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.

Classification

CVE ID: CVE-2024-55925

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

Affected Products

Vendor: Xerox

Product: Xerox Workplace Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf

Timeline

2025-01-28 00:30:35 UTC
CVE

API Security bypass through header manipulation