cvedb.io
CVE-2025-8355
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-08-08T16:15:27.917 · Last modified 2026-06-17T10:06:48.860

Summary

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

Affected products

xerox — freeflow_core

Does this affect you?

Add your gear to cvedb and we'll alert you only when xerox ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.