@beyondmachines1@infosec.exchange
Security Vulnerabilities in Xerox FreeFlow Core enable Server-Side Request Forgery and remote code execution
Xerox FreeFlow Core version 8.0.4 contains two vulnerabilities - a path traversal flaw (CVE-2025-8356) enabling remote code execution and an XML External Entity vulnerability (CVE-2025-8355) allowing server-side request forgery attacks.
If you're running Xerox FreeFlow Core version 8.0.4, make sure it's isolated and accessible only from a trusted network. Then plan an update to version 8.0.5, or filter all requests using a web application firewall.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/security-vulnerabilities-in-xerox-freeflow-core-enable-server-side-request-forgery-and-remote-code-execution-r-j-v-8-t/gD2P6Ple2L