Primary

Context

Xerox FreeFlow Core Server-Side Request Forgery Vulnerability via XML External Entity Injection

Vulnerability

Patched

A vulnerability in Xerox FreeFlow Core version 8.0.4 allows for Server-Side Request Forgery (SSRF) through improper handling of XML input, which enables the injection of external entities. An attacker can create malicious XML that references internal URLs, leading to unauthorized requests being made from the server.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can make the server send requests to internal resources, potentially leading to further exploitation or information disclosure.

Remediation

Users are advised to upgrade to Xerox FreeFlow Core version 8.0.5, available through the Xerox support website.

Added: Aug 8, 2025, 4:19 PM

Updated: Aug 8, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.9

exploitability

7.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.9

exploitability

7.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Xerox FreeFlow Core Server-Side Request Forgery Vulnerability via XML External Entity Injection

Vulnerability

Impact

Remediation

Affected Products

Xerox FreeFlow Core

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating