Description
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, which results in a Server-Side Request Forgery (SSRF).
Vulnerable configurations
Configuration 1
cpe:2.3:a:xerox:freeflow_core:8.0.4:*:*:*:*:*:*:*
EPSS
Percentile: 20%
0.00064
Low
7.5 High
CVSS3
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 7.5
github
about 1 month ago
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, which results in a Server-Side Request Forgery (SSRF).