Xerox Freeflow Core
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Xerox Freeflow Core.
By the Year
In 2026 there have been 2 vulnerabilities in Xerox Freeflow Core with an average score of 8.7 out of ten. Last year, in 2025 Freeflow Core had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Freeflow Core in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.15.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 8.65 |
| 2025 | 2 | 7.50 |
| 2024 | 4 | 9.30 |
It may take a day or so for new Freeflow Core vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xerox Freeflow Core Security Vulnerabilities
XXESSRF in Xerox FreeFlow Core (<=8.0.7) via crafted XML
CVE-2026-2252
7.5 - High
- February 27, 2026
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
XXE
Xerox FreeFlow Core v8.0.7 Path Traversal RCE
CVE-2026-2251
9.8 - Critical
- February 27, 2026
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads
Directory traversal
Xerox FreeFlow Core 8.0.4 Path Traversal RCE
CVE-2025-8356
- August 08, 2025
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
Xerox FreeFlow Core 8.0.4 SSRF via XXE in XML Parsing
CVE-2025-8355
7.5 - High
- August 08, 2025
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
Authenticated RCE via Path Traversal (CVE-2024-47559)
CVE-2024-47559
8.8 - High
- October 07, 2024
Authenticated RCE via Path Traversal
Directory traversal
Authenticated RCE via Path Traversal in Unknown Product
CVE-2024-47558
8.8 - High
- October 07, 2024
Authenticated RCE via Path Traversal
Directory traversal
Pre-Auth RCE via Path Traversal Vulnerability
CVE-2024-47557
9.8 - Critical
- October 07, 2024
Pre-Auth RCE via Path Traversal
Directory traversal
Pre-Auth RCE via Path Traversal
CVE-2024-47556
9.8 - Critical
- October 07, 2024
Pre-Auth RCE via Path Traversal
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Xerox Freeflow Core or by Xerox? Click the Watch button to subscribe.
