Detections
Analytics

CVE-2025-8356

critical

Description

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

References

https://securityaffairs.com/181243/security/xerox-fixed-path-traversal-and-xxe-bugs-in-freeflow-core.html

https://www.securityweek.com/vulnerabilities-in-xerox-print-orchestration-product-allow-remote-code-execution/

https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html

https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/

https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf

Details

Source: Mitre, NVD

Published: 2025-08-08

Updated: 2025-08-18

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00336