CVE-2025-8356

CRITICAL

Xerox FreeFlow Core 8.0.4 - Path Traversal and Remote Code Execution

Title source: llm

Description

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

References (2)

Core 2

Core References

Vendor Advisory

https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf

Various Sources

https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/

Scores

CVSS v3 9.8

EPSS 0.1472

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-22 CWE-94

Status published

Products (1)

xerox/freeflow_core 8.0.4

Published Aug 08, 2025

Tracked Since Feb 18, 2026