CVE-2025-8355
Published: 2025-08-08
Priority: P3 · 53 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 6.93% (93.3rd percentile)
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF).
Affected (2 ranges):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xerox | freeflow_core | < 8.0.5 | 8.0.5 |
| xerox | freeflow_core | — | — |
Suricata
ET WEB_SPECIFIC_APPS Xerox FreeFlow Core External XML Entity Injection Server Side Request Forgery Attempt (CVE-2025-8355)
suricata · 2025-08-13 · CVSS 7.5 · severity HIGH
Rule (truncated as indexed):

```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Xerox FreeFlow Core External XML Entity Injection Server Side Request Forgery Attempt (CVE-2025-8355)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:1; content:"/"; http.request_body; content:"|3c 3f|xml|20|version|3d 22|"; startswith; nocase; content:"|3c 21|entity|20 25|"; distance:0; nocase; content:"SYSTEM|20 22|http"; fast_pattern; distance:0; content:"|3a 2f 2f|"; within:4; distance:0; reference:url,horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/; reference:cve,2025-8355; classtype:web-application-attack; sid:2064002; rev:1; metadata:affecte
```
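To make the signature's matching logic explicit, the following added example (written for this page, not code from Emerging Threats, Xerox or the Horizon3 write-up) re-implements each content match of the rule above in Python and runs it over constructed request samples. The byte patterns are decoded from the rule's hex escapes; the request bodies, method and URI values are constructed test inputs, and `internal.example` is a placeholder host. The ordering constraints (`startswith`, `distance:0`, `within:4`) and the case sensitivity of each match (`nocase` present or absent) are reproduced as written in the rule.

```python
# Content matches decoded from the Suricata rule (hex escapes expanded).
XML_DECL = b'<?xml version="'   # |3c 3f|xml|20|version|3d 22|  startswith; nocase
PARAM_ENTITY = b'<!entity %'     # |3c 21|entity|20 25|          distance:0; nocase
SYSTEM_HTTP = b'SYSTEM "http'    # SYSTEM|20 22|http             distance:0 (case-sensitive)
SCHEME_SEP = b'://'              # |3a 2f 2f|                    within:4; distance:0


def _find_nocase(hay: bytes, needle: bytes, start: int) -> int:
    """Case-insensitive substring search, mirroring Suricata's 'nocase'."""
    return hay.lower().find(needle.lower(), start)


def matches_cve_2025_8355_rule(method: str, uri: str, body: bytes) -> bool:
    """Return True when a request satisfies every condition of the signature.

    Conditions, in rule order:
      http.method == POST; http.uri is exactly "/" (bsize:1);
      body starts with '<?xml version="' (nocase);
      then a parameter-entity declaration '<!entity %' (nocase);
      then 'SYSTEM "http' (case-sensitive);
      then '://' ending within 4 bytes of the previous match.
    """
    if method != "POST":                       # http.method; content:"POST"
        return False
    if uri != "/":                             # http.uri; bsize:1; content:"/"
        return False
    # startswith; nocase
    if body[:len(XML_DECL)].lower() != XML_DECL.lower():
        return False
    pos = len(XML_DECL)
    # '<!entity %' somewhere after the declaration (distance:0 = at or after pos)
    i = _find_nocase(body, PARAM_ENTITY, pos)
    if i < 0:
        return False
    pos = i + len(PARAM_ENTITY)
    # 'SYSTEM "http' after that, case-sensitive (no nocase on this match)
    j = body.find(SYSTEM_HTTP, pos)
    if j < 0:
        return False
    pos = j + len(SYSTEM_HTTP)
    # within:4 -> '://' must end no more than 4 bytes past the previous match end
    return SCHEME_SEP in body[pos:pos + 4]


# Constructed sample bodies (not captured traffic).
SAMPLE_XXE_BODY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE job [ <!ENTITY % ext SYSTEM "http://internal.example/x"> %ext; ]>\n'
    b'<job/>'
)
SAMPLE_XXE_HTTPS_BODY = SAMPLE_XXE_BODY.replace(b'"http://', b'"https://')
SAMPLE_BENIGN_BODY = b'<?xml version="1.0"?><job><name>print</name></job>'


def run_samples() -> dict:
    """Evaluate the signature over the constructed samples; returns name -> verdict."""
    return {
        "xxe_post_root": matches_cve_2025_8355_rule("POST", "/", SAMPLE_XXE_BODY),
        "xxe_https": matches_cve_2025_8355_rule("POST", "/", SAMPLE_XXE_HTTPS_BODY),
        "benign_post_root": matches_cve_2025_8355_rule("POST", "/", SAMPLE_BENIGN_BODY),
        "xxe_get": matches_cve_2025_8355_rule("GET", "/", SAMPLE_XXE_BODY),
        "xxe_other_uri": matches_cve_2025_8355_rule("POST", "/api", SAMPLE_XXE_BODY),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {'ALERT' if verdict else 'no match'}")
```

The `https://` sample matches because `within:4` allows the `://` to end four bytes after `SYSTEM "http`, which covers both `http://` and `https://`. The remaining samples show the signature's scope exactly as written: it fires only on a POST to the root URI whose body declares a parameter entity with an HTTP(S) SYSTEM identifier, so detection engineers deploying it should read those conditions against how their FreeFlow Core instance is actually exposed.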
No public exploits indexed.
No writeups or analysis indexed.