VDB
CVE-2025-8355
CVE-2025-8355
PUBLISHED
CVSS 7.5 HIGH
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
EPSS 0.34% · 57.1th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.34%
57.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| xerox | freeflow_core | 8.0.4 |
| Xerox | FreeFlow Core | 0 |
Timeline
- Aug 8, 2025 CVE Published
- Aug 8, 2025 CVE Updated
- Aug 9, 2025 EPSS Score
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 12, 2025 PoC Published
- Aug 12, 2025 PoC Published
- Aug 12, 2025 PoC Published
- Aug 12, 2025 PoC Published