- Description
- In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, which results in Server-Side Request Forgery (SSRF).
- Source
- 10b61619-3869-496c-8a1e-f291b0e71e3f
- NVD status
- Analyzed
- Products
- freeflow_core
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- 10b61619-3869-496c-8a1e-f291b0e71e3f
- CWE-611
- Hype score
- Not currently trending
#exploit 1⃣ CVE-2025-54309: CrushFTP race condition vulnerability - https://t.co/pHgnXcUEnV 2⃣ CVE-2025-34030: sar2html 'plot' parameter RCE - https://t.co/vuvXIAdsFZ 3⃣ CVE-2025-8355/CVE-2025-8356: XXE Injection/Path Traversal in Xerox FreeFlow Core - https://t.co/J4B
@ksg93rd
29 Aug 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Zoom and Xerox release critical patches for privilege escalation and remote execution flaws 🔍 Severe vulnerabilities have been fixed: one in Zoom (CVE-2025-49457, CVSS 9.6) allowing privilege escalation via insecure search, and two in Xerox FreeFlow Core (CVE-2025-8355, S
@tpx_Security
15 Aug 2025
100 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Xerox FreeFlow Core vulnerabilities CVE-2025-8355 and CVE-2025-8356 - Proof of Concept released - Patching Recommended Details: https://t.co/5ndHanUVYm #Patch #Patch #Patch
@CCBalert
14 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
『These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.』 #Xerox CVE-2025-8355、CVE-2025-8356 From Support Ticket to Zero Day https://t.co/HF8r8eC2tz
@autumn_good_35
13 Aug 2025
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core
@Horizon3Attack
13 Aug 2025
12880 Impressions
5 Retweets
61 Likes
17 Bookmarks
0 Replies
0 Quotes
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core https://t.co/GOyasjmYCa https://t.co/0xNsPDozDU
@Horizon3Attack
13 Aug 2025
11462 Impressions
60 Retweets
155 Likes
54 Bookmarks
1 Reply
3 Quotes
CVE-2025-8355 (CVSS:7.5, HIGH) is Undergoing Analysis. In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker ..https://t.co/RC8ZuUGoge #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
13 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Xerox patches FreeFlow Core 8.0.4 to fix critical XXE and path traversal flaws causing SSRF and remote code execution risks. Vulnerabilities CVE-2025-8355 and CVE-2025-8356 addressed with help from researcher Jimi Sebree. #FreeFlow #RemoteCode #USA https://t.co/mUEIL8a9n2
@TweetThreatNews
11 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Xerox FreeFlow Core v8.0.4 has 2 critical flaws: 🛑 CVE-2025-8355 → SSRF 🛑 CVE-2025-8356 → Path Traversal → RCE 💡 Fix: Update to v8.0.5 now! Paxion Cybersecurity helps organizations stay ahead of threats like these. #CyberSecurity #Xerox #Infosec #RCE #SSRF https:
@PaxionCyber
11 Aug 2025
51 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Xerox patches critical SSRF and remote code execution bugs CVE-2025-8355 & CVE-2025-8356 in FreeFlow Core 8.0.4. Upgrade to 8.0.5 to address system compromise risks. #XeroxSecurity #FreeFlowCore #USA https://t.co/k7LlfG5Ibg
@TweetThreatNews
11 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8355 Server-Side Request Forgery (SSRF) in Xerox FreeFlow Core 8.0.4 via XML I... https://t.co/VWkmUBrSiH Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
8 Aug 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8355 In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to… https://t.co/fzKoIWTnzi
@CVEnew
8 Aug 2025
279 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xerox:freeflow_core:8.0.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "DE1A3551-53C9-4604-953C-335A038BE68D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]