CVE-2024-55925

Published Jan 23, 2025

Last updated 3 days ago

CVSS high 7.5

Overview

Description
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.
Source
10b61619-3869-496c-8a1e-f291b0e71e3f
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

10b61619-3869-496c-8a1e-f291b0e71e3f
CWE-287

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2024-55925 | Xerox Workplace Suite prior 5.6.701.9 API improper authentication) has been published on https://t.co/DOdHH1PTON

    @WolfgangSesin

    23 Jan 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References