CVE Daily

CVE-2025-8355

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows inje...

High CVSS 7.5

Overview

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

CWE: CWE-611 Published: 2025-08-08T16:15:27.917
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.

Recommended tools

Tags