cvebase

Xerox Freeflow Core vulnerabilities

9 known vulnerabilities affecting xerox/freeflow_core.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 7

Vulnerabilities

CVE-2025-8356 | P2 | CRITICAL | CVSS 9.8 | v8.0.4 | fixed in 8.0.5 | 2025-08-08
CVE-2025-8356 [CRITICAL] CWE-22: In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
nvd
CVE-2026-2251 | P2 | CRITICAL | CVSS 9.8 | fixed in 8.1.0 | ≤ 8.0.7 | 2026-02-27
CVE-2026-2251 [CRITICAL] CWE-22: Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xe
nvd
CVE-2025-8355 | P3 | HIGH | CVSS 7.5 | v8.0.4 | fixed in 8.0.5 | 2025-08-08
CVE-2025-8355 [HIGH] CWE-611: In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF).
nvd
CVE-2026-2252 | P3 | HIGH | CVSS 7.5 | fixed in 8.1.0 | ≤ 8.0.7 | 2026-02-27
CVE-2026-2252 [HIGH] CWE-611: An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https:/
nvd
CVE-2024-47555 | P3 | HIGH | CVSS 8.3 | ≥ 7.0.x, < 7.0.11 | 2024-10-07
CVE-2024-47555 [HIGH] CWE-306: Missing Authentication - User & System Configuration
nvd
CVE-2024-47556 | HIGH | CVSS 8.3 | ≥ 7.0.x, < 7.0.11 | 2024-10-07
CVE-2024-47556 [HIGH] CWE-22: Pre-Auth RCE via Path Traversal
cvelistv5
CVE-2024-47557 | HIGH | CVSS 8.3 | ≥ 7.0.x, < 7.0.11 | 2024-10-07
CVE-2024-47557 [HIGH] CWE-22: Pre-Auth RCE via Path Traversal
cvelistv5
CVE-2024-47559 | HIGH | CVSS 7.6 | ≥ 7.0.x, < 7.0.11 | 2024-10-07
CVE-2024-47559 [HIGH] CWE-22: Authenticated RCE via Path Traversal
cvelistv5
CVE-2024-47558 | HIGH | CVSS 7.6 | ≥ 7.0.x, < 7.0.11 | 2024-10-07
CVE-2024-47558 [HIGH] CWE-22: Authenticated RCE via Path Traversal
cvelistv5