VDB
CVE-2025-8356
CVE-2025-8356
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
EPSS 4.78% · 89.7th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
4.78%
89.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | FreeFlow Core | 0 |
| xerox | freeflow_core | 8.0.4 |
Timeline
- Aug 8, 2025 CVE Published
- Aug 8, 2025 PoC Published
- Aug 9, 2025 EPSS Score
- Aug 9, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 12, 2025 PoC Published
- Aug 12, 2025 PoC Published
References
- https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf url
- https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/ exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-8356 advisory
- https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day url