{"id":"CVE-2025-8356","details":"In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.","modified":"2026-04-10T05:36:14.895180Z","published":"2025-08-08T16:15:28.063Z","references":[{"type":"ADVISORY","url":"https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf"},{"type":"ARTICLE","url":"https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8356.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}