Security Advisory

CVE-2024-55925

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-23 17:03:33

Last updated 2025-09-17 16:49:42

Assigner Xerox

State PUBLISHED

Description

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.

← Browse all CVEs View on cve.org ↗