CVE-2025-8355
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-08

Last updated on: 2025-08-14

Assigner: Xerox

Description
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-08
Last Modified
2025-08-14
Generated
2026-05-06
AI Q&A
2025-08-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8355
EUVD
EUVD-2025-23998
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xerox freeflow_core 8.0.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Xerox FreeFlow Core version 8.0.4 involves improper handling of XML input that allows an attacker to inject external entities. By crafting malicious XML containing references to internal URLs, the attacker can cause the system to perform Server-Side Request Forgery (SSRF), making the server send unauthorized requests to internal resources.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing an attacker to make the vulnerable server send unauthorized requests to internal systems or services. This can lead to unauthorized access to internal resources, potential data exposure, or further exploitation within the internal network.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart