Freeflow Core
CVE-2025-8356
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
AnalysisAI
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. Affected products include: Xerox Freeflow Core. Version information: version 8.0.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Freeflow Core
View allPath traversal vulnerability in Xerox FreeFlow Core allows attackers to access files outside restricted directories, pot
Pre-Auth RCE via Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no auth
Pre-Auth RCE via Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no auth
Authenticated RCE via Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low at
Authenticated RCE via Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low at
Xerox FreeFlow Core versions through 8.0.7 contain an XML External Entity (XXE) vulnerability that allows unauthenticate
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. Rated high s
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today