Xerox: >> Freeflow Core Security Vulnerabilities
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references.
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-27
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE.
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
https://www.support.xerox.com/en-us/product/core/downloads
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-27
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-08-08
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-08
Pre-Auth RCE via Path Traversal
CVSS Score
8.3
EPSS Score
0.007
Published
2024-10-07
Pre-Auth RCE via Path Traversal
CVSS Score
8.3
EPSS Score
0.007
Published
2024-10-07
Authenticated RCE via Path Traversal
CVSS Score
7.6
EPSS Score
0.005
Published
2024-10-07
Authenticated RCE via Path Traversal
CVSS Score
7.6
EPSS Score
0.005
Published
2024-10-07