AI description
CVE-2025-8355 is an XML External Entity (XXE) processing flaw found in Xerox FreeFlow Core version 8.0.4. The vulnerability stems from improper handling of XML input, which allows injection of external entities. An attacker can exploit this vulnerability by crafting malicious XML containing references to internal URLs, leading to a Server-Side Request Forgery (SSRF) attack. This enables the attacker to force the server to make unintended requests to internal or external resources, potentially exposing sensitive information or accessing restricted network services. Xerox has released a security update in FreeFlow Core version 8.0.5 to address this vulnerability.
- Description: In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF).
- Source: 10b61619-3869-496c-8a1e-f291b0e71e3f
- NVD status: Analyzed
- Products: freeflow_core
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity: HIGH
- 10b61619-3869-496c-8a1e-f291b0e71e3f
- CWE-611
- Hype score: Not currently trending
🔒 Zoom and Xerox release critical patches for privilege escalation and remote execution flaws 🔍 Severe vulnerabilities have been fixed: one in Zoom (CVE-2025-49457, CVSS 9.6) allowing privilege escalation via insecure search, and two in Xerox FreeFlow Core (CVE-2025-8355, S
@tpx_Security
15 Aug 2025
100 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Xerox FreeFlow Core vulnerabilities CVE-2025-8355 and CVE-2025-8356 - Proof of Concept released - Patching Recommended Details: https://t.co/5ndHanUVYm #Patch #Patch #Patch
@CCBalert
14 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
『These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.』 #Xerox CVE-2025-8355、CVE-2025-8356 From Support Ticket to Zero Day https://t.co/HF8r8eC2tz
@autumn_good_35
13 Aug 2025
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core
@Horizon3Attack
13 Aug 2025
12880 Impressions
5 Retweets
61 Likes
17 Bookmarks
0 Replies
0 Quotes
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core https://t.co/GOyasjmYCa https://t.co/0xNsPDozDU
@Horizon3Attack
13 Aug 2025
11462 Impressions
60 Retweets
155 Likes
54 Bookmarks
1 Reply
3 Quotes
CVE-2025-8355 (CVSS:7.5, HIGH) is Undergoing Analysis. In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker ..https://t.co/RC8ZuUGoge #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
13 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Xerox patches FreeFlow Core 8.0.4 to fix critical XXE and path traversal flaws causing SSRF and remote code execution risks. Vulnerabilities CVE-2025-8355 and CVE-2025-8356 addressed with help from researcher Jimi Sebree. #FreeFlow #RemoteCode #USA https://t.co/mUEIL8a9n2
@TweetThreatNews
11 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Xerox FreeFlow Core v8.0.4 has 2 critical flaws: 🛑 CVE-2025-8355 → SSRF 🛑 CVE-2025-8356 → Path Traversal → RCE 💡 Fix: Update to v8.0.5 now! Paxion Cybersecurity helps organizations stay ahead of threats like these. #CyberSecurity #Xerox #Infosec #RCE #SSRF https:
@PaxionCyber
11 Aug 2025
51 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Xerox patches critical SSRF and remote code execution bugs CVE-2025-8355 & CVE-2025-8356 in FreeFlow Core 8.0.4. Upgrade to 8.0.5 to address system compromise risks. #XeroxSecurity #FreeFlowCore #USA https://t.co/k7LlfG5Ibg
@TweetThreatNews
11 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8355 Server-Side Request Forgery (SSRF) in Xerox FreeFlow Core 8.0.4 via XML I... https://t.co/VWkmUBrSiH Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
8 Aug 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8355 In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to… https://t.co/fzKoIWTnzi
@CVEnew
8 Aug 2025
279 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xerox:freeflow_core:8.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE1A3551-53C9-4604-953C-335A038BE68D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]