Browse all 23 CVE security advisories affecting Xerox. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Xerox Corporation operates primarily as a provider of document management technologies, including multifunction printers and enterprise software solutions. With twenty-three recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical attack surface has frequently involved remote code execution, cross-site scripting, and privilege escalation flaws within its web-based management interfaces and embedded firmware. These vulnerabilities often stem from insufficient input validation and weak authentication mechanisms in legacy systems. While no catastrophic data breaches have defined its public security history, the persistent presence of critical flaws in network-connected devices highlights ongoing challenges in securing embedded Linux environments. Security researchers continue to identify risks in Xerox’s document workflow software, emphasizing the need for rigorous patch management and network segmentation to mitigate potential exploitation by threat actors targeting enterprise infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-55931 | Token stored in session storage — Xerox Workplace Suite (CWE-922) | 6.5 | Medium | 2025-01-27 |
| CVE-2024-55930 | Weak default folder permissions — Xerox Workplace Suite (CWE-276) | 6.7 | Medium | 2025-01-23 |
| CVE-2024-55929 | Mail spoofing — Xerox Workplace Suite (CWE-345) | 5.3 | Medium | 2025-01-23 |
| CVE-2024-55928 | Clear text secrets returned & Remote system secrets in clear text — Xerox Workplace Suite (CWE-312) | 6.5 | Medium | 2025-01-23 |
| CVE-2024-55927 | Flawed token generation implementation & Hard-coded key implementation — Xerox Workplace Suite (CWE-798) | 7.6 | High | 2025-01-23 |
| CVE-2024-55926 | Arbitrary file upload, deletion and read through header manipulation — Xerox Workplace Suite (CWE-434) | 7.6 | High | 2025-01-23 |
| CVE-2024-55925 | API Security bypass through header manipulation — Xerox Workplace Suite (CWE-290) | 7.5 | High | 2025-01-23 |
This page lists every published CVE security advisory associated with Xerox. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.