Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow […]
First seen on securityaffairs.com
Jump to article: securityaffairs.com/181243/security/xerox-fixed-path-traversal-and-xxe-bugs-in-freeflow-core.html
