XXE leading to SSRF_CVE-2025-8355

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

Basic Information

ID CVE-2025-8355

Source Xerox

Published Aug 8, 2025 at 15:31

Modified Aug 8, 2025 at 16:02

Affected Product

Vendor Xerox

Product FreeFlow Core

Affected Versions Xerox FreeFlow Core 0

CWE Classification

CWE-611

References

securitydocs.business.xerox.com /wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf

{
    "lastseen": "",
    "description": "In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).",
    "published": "2025-08-08T15:31:44.554Z",
    "modified": "2025-08-08T16:02:42.866Z",
    "type": "cve",
    "title": "XXE leading to SSRF",
    "source": "Xerox",
    "references": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf",
    "id": "CVE-2025-8355",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611"
    ],
    "cvelist": null,
    "sourceData": "Xerox FreeFlow Core 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreeFlow Core",
    "version": "0",
    "vendor": "Xerox",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}