← back
CVE-2025-8355

XXE leading to SSRF

CVSS 7.5 HIGHEPSS 6.9%CWE-611
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Xerox · FreeFlow Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf