PT-2025-32365 · Xerox · Xerox Freeflow Core
Published
2025-08-08
·
Updated
2025-08-15
·
CVE-2025-8356
CVSS v3.1
9.8
9.8
Critical
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Xerox FreeFlow Core version 8.0.4
Description:
A Path Traversal vulnerability exists in Xerox FreeFlow Core version 8.0.4. This allows an attacker to access unauthorized files on the server, potentially leading to Remote Code Execution (RCE). Successful exploitation could allow an attacker to run arbitrary commands on the system.
Recommendations:
Update Xerox FreeFlow Core to a newer version that resolves this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Code Injection
Path traversal
Related Identifiers
CVE-2025-8356
Affected Products
Xerox Freeflow Core
References · 31
- https://nvd.nist.gov/vuln/detail/CVE-2025-8356 · Security Note
- https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf · Vendor Advisory
- https://t.me/purp_sec/1029 · Telegram Post
- https://twitter.com/the_yellow_fall/status/1954727297870946460 · Twitter Post
- https://twitter.com/TweetThreatNews/status/1954890749452878122 · Twitter Post
- https://twitter.com/VulmonFeeds/status/1953859467826638920 · Twitter Post
- https://twitter.com/wvipersg/status/1954858789020008797 · Twitter Post
- https://twitter.com/dailytechonx/status/1954996242062213540 · Twitter Post
- https://t.me/CVEtracker/29511 · Telegram Post
- https://twitter.com/CVEnew/status/1953848307958140979 · Twitter Post
- https://twitter.com/Horizon3Attack/status/1955627015521865742 · Twitter Post
- https://twitter.com/PaxionCyber/status/1954896866841133371 · Twitter Post
- https://twitter.com/CveFindCom/status/1953851305723597173 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1mpwdks/top_10_trending_cves_14082025 · Reddit Post
- https://twitter.com/CCBalert/status/1956009981574021229 · Twitter Post