In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

Related CVEs

CVE-2025-8355

Key Information

GHSA ID

GHSA-6c2v-98pf-9vgr

Published

August 8, 2025 6:32 PM

Last Modified

August 8, 2025 6:32 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 23, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.