CVE-2025-8355
Severity: HIGH (CVSS 7.5)
WAF: High
Published: 2025-08-08
CWE-611
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, which results in a Server-Side Request Forgery (SSRF).
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_core | 8.0.4 |
References
- securitydocs.business.xerox.com (Vendor Advisory)