Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-8356

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

Published

2025-08-08T16:15:28.063

Last Modified

2025-08-18T18:15:40.967

Status

Modified

Source

10b61619-3869-496c-8a1e-f291b0e71e3f

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-22
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xerox	freeflow_core	8.0.4	Yes

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf Vendor Advisory (10b61619-3869-496c-8a1e-f291b0e71e3f)
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/ (134c704f-9b21-4f2e-91b3-4a467353bcc0)