cvedb.io
CVE-2024-55925
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-01-23T17:15:15.380 · Last modified 2026-06-17T08:11:27.620

Summary

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.

Affected products

xerox — workplace_suite

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.