CVE-2025-8355
📋 TL;DR
Xerox FreeFlow Core version 8.0.4 has an XML External Entity (XXE) vulnerability that allows Server-Side Request Forgery (SSRF). An attacker who can submit crafted XML to the service can declare an external entity whose SYSTEM identifier is an internal URL; the server's XML parser resolves it, making the request from the server's own network position and potentially returning the response to the attacker. Organizations running Xerox FreeFlow Core 8.0.4 are affected.
💻 Affected Systems
- Xerox FreeFlow Core
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of internal network via SSRF to access sensitive systems, data exfiltration, or lateral movement to critical infrastructure.
Likely Case
Information disclosure from internal services, scanning of internal network, or limited data access via SSRF.
If Mitigated
Limited impact with proper network segmentation and XML input validation in place.
🎯 Exploit Status
XXE to SSRF is a well-known attack pattern with low complexity; exploitation likely requires network access to the vulnerable service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.0.5
Vendor Advisory: https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf
Restart Required: Yes
Instructions:
1. Download Xerox FreeFlow Core version 8.0.5 from official sources.
2. Back up the current configuration and data.
3. Install the update following vendor instructions.
4. Restart the service or server as required.
🔧 Temporary Workarounds
Disable XML External Entity Processing
Configure the XML parser to disable external entity resolution (and, ideally, DTD processing altogether) so that an external entity in a submitted document is never fetched.
Specific settings depend on the XML parser implementation, and a packaged product may not expose them to administrators at all; consult Xerox documentation or support for configuration options, and treat this as a stopgap rather than a substitute for 8.0.5.
Network Segmentation
Restrict network access to and from the FreeFlow Core server to limit SSRF impact.
Use firewall rules to deny outbound requests from FreeFlow Core to internal networks (including link-local ranges) except for the specific services it needs, and log the denied attempts: a blocked request to an internal address that the server has no business contacting is also a useful exploitation indicator.
🧯 If You Can't Patch
- Implement strict input validation that rejects any submitted XML carrying a DOCTYPE declaration, rather than pattern-matching for SYSTEM or PUBLIC keywords; parameter entities and alternate encodings evade simple string checks.
- Deploy a web application firewall (WAF) with rules to detect and block XXE payloads, understanding that WAF signatures are a compensating control and can be bypassed; pair them with the egress restrictions above.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Xerox FreeFlow Core; if it is 8.0.4, it is vulnerable.
Check Version:
Consult Xerox FreeFlow Core administration interface or documentation for version check command; typically via web UI or system logs.
Verify Fix Applied:
Verify that the version has been updated to 8.0.5 or later. Then test XML input handling for XXE: submit a test document that declares an external entity pointing at a host you control and confirm that no request arrives at that host and that nothing from the entity is reflected in the job output or error messages.
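The following is an added example, not code from Xerox or from FreeFlow Core, showing the mechanism the workaround, input-validation and verification steps above are aimed at. It uses Python's standard-library SAX parser: the same attacker-style document (constructed here; the element names and the internal URL are illustrative) is parsed once with external general entities enabled, which is the vulnerable configuration, once with them disabled, and once with a DOCTYPE rejected outright. A recording entity resolver stands in for the network so the example runs offline and shows exactly which URL the vulnerable parser would have fetched.

```python
import io
import xml.sax
from xml.sax import handler, xmlreader

# Constructed attacker payload (not a FreeFlow Core job ticket): the <name>
# element references an external general entity whose SYSTEM identifier is an
# internal URL. A parser that resolves external entities fetches it and
# splices the response into the document, which is the XXE-to-SSRF pattern.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE job [
  <!ENTITY xxe SYSTEM "http://10.0.0.5/admin/status">
]>
<job><name>&xxe;</name></job>"""

# Benign document with no DTD at all: the shape a hardened endpoint should accept.
BENIGN_PAYLOAD = b'<?xml version="1.0"?><job><name>print-run-42</name></job>'


class RecordingResolver(handler.EntityResolver):
    """Stand-in for the network: records every URL the parser asks for and
    returns a constructed body instead of opening a connection. In a real
    deployment the default resolver would perform the HTTP request here."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        src = xmlreader.InputSource()
        src.setByteStream(io.BytesIO(b"INTERNAL-ONLY-DATA"))
        return src


class TextCollector(handler.ContentHandler):
    """Collects character data so we can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


class RejectDTD:
    """Lexical handler that aborts parsing as soon as a DOCTYPE appears.
    Only the methods expatreader calls need to exist."""

    def comment(self, content): pass
    def startCDATA(self): pass
    def endCDATA(self): pass
    def endDTD(self): pass

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DTD not permitted in job submissions")


def parse_document(payload, resolve_external_entities, reject_dtd=False):
    """Parse payload and return (urls_the_parser_tried_to_fetch, text_content).

    resolve_external_entities=True models the vulnerable configuration;
    False is the hardening the workaround section describes. reject_dtd=True
    goes further and refuses any document that carries a DOCTYPE at all."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    resolver = RecordingResolver()
    parser.setEntityResolver(resolver)
    collector = TextCollector()
    parser.setContentHandler(collector)
    if reject_dtd:
        parser.setProperty(handler.property_lexical_handler, RejectDTD())
    parser.parse(io.BytesIO(payload))
    return resolver.requested, "".join(collector.chunks).strip()


def demo():
    """Run all three configurations against the constructed inputs."""
    vulnerable = parse_document(XXE_PAYLOAD, resolve_external_entities=True)
    hardened = parse_document(XXE_PAYLOAD, resolve_external_entities=False)
    benign = parse_document(BENIGN_PAYLOAD, resolve_external_entities=False, reject_dtd=True)
    try:
        parse_document(XXE_PAYLOAD, resolve_external_entities=False, reject_dtd=True)
        dtd_rejected = False
    except ValueError:
        dtd_rejected = True
    return {"vulnerable": vulnerable, "hardened": hardened,
            "benign": benign, "dtd_rejected": dtd_rejected}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the vulnerable run the resolver records `http://10.0.0.5/admin/status` and the fetched body appears as the job name, which is what an attacker reads back; with external entities disabled the entity reference is silently dropped and nothing is requested, and with the DTD rejected the document never gets past the prolog while the benign job still parses. The same three checks translate directly into the verification step above: a test entity pointing at a host you control must produce neither a request nor reflected content.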
📡 Detection & Monitoring
Log Indicators:
- Unusual XML parsing errors, unexpected outbound HTTP requests from the server, or logs showing access to internal URLs.
Network Indicators:
- Outbound requests from FreeFlow Core server to internal IPs or unusual ports, especially in response to XML input.
SIEM Query (pseudo-syntax; adapt the source name, field names and the internal address range to your own log schema):
source="FreeFlow Core" AND (event="XML parse error" OR dest_ip IN [internal_network_range])