VDB

CVE-2025-8355

CVE-2025-8355 PUBLISHED CVSS 7.5 HIGH

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

EPSS 0.34% · 57.1th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.34%
57.1th percentile

Affected Products

VendorProductVersions
xeroxfreeflow_core8.0.4
XeroxFreeFlow Core0

Timeline

  • Aug 8, 2025 CVE Published
  • Aug 8, 2025 CVE Updated
  • Aug 9, 2025 EPSS Score
  • Aug 11, 2025 PoC Published
  • Aug 11, 2025 PoC Published
  • Aug 11, 2025 PoC Published
  • Aug 11, 2025 PoC Published
  • Aug 11, 2025 PoC Published
  • Aug 12, 2025 PoC Published
  • Aug 12, 2025 PoC Published
  • Aug 12, 2025 PoC Published
  • Aug 12, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›