ГлавнаяУязвимости → CVE-2025-8356
9.8критическая

CVE-2025-8356

Описание

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

Затрагиваемое ПО
Xerox Freeflow core
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdfhttps://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/