CVE-2025-8355

7.5

High

Published:8 Aug 2025

Last updated:17 Jun 2026

Source:10b61619-3869-496c-8a1e-f291b0e71e3f

Analyzed

Weakness (CWE)

CWE-611XML External Entity (XXE)

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

View on MITRE Find PoC on GitHub

Description

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

References

10b61619-3869-496c-8a1e-f291b0e71e3f

https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf