CVE-2025-8356

Xerox FreeFlow Core Remote Code Execution Vulnerability

Xerox FreeFlow Core versions prior to 8.0.5 contain a path traversal vulnerability that can lead to remote code execution.

Exploiting this vulnerability could enable an attacker to upload files, perform path traversal operations, and execute arbitrary commands on the affected system.

Mitigations

  • Upgrade to version 8.0.5 or later.

Rapid Response N-Day Testing

Run the Test Now

References

🔗 CVE-2025-8356 

🔗 Vendor Advisory 

Read about other CVEs

CVE-2024-23108

Fortinet FortiSIEM 2nd Order Command Injection

Read More

CVE-2023-43208

NextGen Mirth Connect Pre-Auth RCE

Read More

CVE-2023-34992

Fortinet FortiSIEM Command Injection

Read More

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Explore NodeZero

Recognized By