AI description
CVE-2025-8356 is a path traversal vulnerability found in Xerox FreeFlow Core version 8.0.4. It allows an attacker to access unauthorized files on the server. This vulnerability can lead to Remote Code Execution (RCE), potentially allowing an attacker to run arbitrary commands on the system. The vulnerability is due to improper limitation of a pathname to a restricted directory, where the product does not properly neutralize special elements within the pathname.
- Description: In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
- Source: 10b61619-3869-496c-8a1e-f291b0e71e3f
- NVD status: Analyzed
- Products: freeflow_core
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 10b61619-3869-496c-8a1e-f291b0e71e3f
- CWE-22
- Hype score: Not currently trending
Warning: Xerox FreeFlow Core vulnerabilities CVE-2025-8355 and CVE-2025-8356 - Proof of Concept released - Patching Recommended Details: https://t.co/5ndHanUVYm #Patch #Patch #Patch
@CCBalert
14 Aug 2025
『These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.』 #Xerox CVE-2025-8355、CVE-2025-8356 From Support Ticket to Zero Day https://t.co/HF8r8eC2tz
@autumn_good_35
13 Aug 2025
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core
@Horizon3Attack
13 Aug 2025
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core https://t.co/GOyasjmYCa https://t.co/0xNsPDozDU
@Horizon3Attack
13 Aug 2025
CVE-2025-8356 (CVSS:9.8, CRITICAL) is Undergoing Analysis. In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized file..https://t.co/gETY6nfOQI #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
13 Aug 2025
Xerox patches FreeFlow Core 8.0.4 to fix critical XXE and path traversal flaws causing SSRF and remote code execution risks. Vulnerabilities CVE-2025-8355 and CVE-2025-8356 addressed with help from researcher Jimi Sebree. #FreeFlow #RemoteCode #USA https://t.co/mUEIL8a9n2
@TweetThreatNews
11 Aug 2025
Xerox FreeFlow Core v8.0.4 has 2 critical flaws: 🛑 CVE-2025-8355 → SSRF 🛑 CVE-2025-8356 → Path Traversal → RCE 💡 Fix: Update to v8.0.5 now! Paxion Cybersecurity helps organizations stay ahead of threats like these. #CyberSecurity #Xerox #Infosec #RCE #SSRF https:
@PaxionCyber
11 Aug 2025
Xerox patches critical SSRF and remote code execution bugs CVE-2025-8355 & CVE-2025-8356 in FreeFlow Core 8.0.4. Upgrade to 8.0.5 to address system compromise risks. #XeroxSecurity #FreeFlowCore #USA https://t.co/k7LlfG5Ibg
@TweetThreatNews
11 Aug 2025
[CVE-2025-8356: CRITICAL] Critical Path Traversal vulnerability in Xerox FreeFlow Core 8.0.4 allows Remote Code Execution, posing a severe threat to system security. #cybersecurity#cve,CVE-2025-8356,#cybersecurity https://t.co/zuEOtUTy4S https://t.co/RvpN1AEdaq
@CveFindCom
8 Aug 2025
CVE-2025-8356 In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Ex… https://t.co/c2IGoOPsTn
@CVEnew
8 Aug 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xerox:freeflow_core:8.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE1A3551-53C9-4604-953C-335A038BE68D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]