cbcvebase.
CVE-2025-8355
published 2025-08-08

CVE-2025-8355: In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing…

PriorityP353high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
6.93%
93.3th percentile
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

Affected

2 ranges
VendorProductVersion rangeFixed in
xeroxfreeflow_core< 8.0.58.0.5
xeroxfreeflow_core
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.