CVE-2025-8356

Critical CVSS 9.8

Overview

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

CWE: CWE-22 Published: 2025-08-08T16:15:28.063

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: path, rce (tag impact: VERY HIGH)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags