Vulnerabilites related to xerox - freeflow_core
Vulnerability from fkie_nvd
Published
2025-08-08 16:15
Modified
2025-08-18 18:15
Severity ?
Summary
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | freeflow_core | 8.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:freeflow_core:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1A3551-53C9-4604-953C-335A038BE68D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system."
},
{
"lang": "es",
"value": "En la versi\u00f3n 8.0.4 de Xerox FreeFlow Core, un atacante puede explotar una vulnerabilidad de Path Traversal para acceder a archivos no autorizados en el servidor. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE), lo que permite al atacante ejecutar comandos arbitrarios en el sistema."
}
],
"id": "CVE-2025-8356",
"lastModified": "2025-08-18T18:15:40.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
}
]
},
"published": "2025-08-08T16:15:28.063",
"references": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/"
}
],
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-07 19:15
Modified
2024-10-16 17:53
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | freeflow_core | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:freeflow_core:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7975358-F111-4176-8345-1B3EB86A3A25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated RCE via Path Traversal"
},
{
"lang": "es",
"value": "RCE autenticado mediante Path Traversal"
}
],
"id": "CVE-2024-47559",
"lastModified": "2024-10-16T17:53:19.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-07T19:15:10.677",
"references": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-08 16:15
Modified
2025-08-14 16:19
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | freeflow_core | 8.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:freeflow_core:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1A3551-53C9-4604-953C-335A038BE68D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF)."
},
{
"lang": "es",
"value": "En Xerox FreeFlow Core versi\u00f3n 8.0.4, el manejo inadecuado de la entrada XML permite la inyecci\u00f3n de entidades externas. Un atacante puede manipular XML malicioso que contenga referencias a URL internas, lo que resulta en Server-Side Request Forgery (SSRF)."
}
],
"id": "CVE-2025-8355",
"lastModified": "2025-08-14T16:19:37.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-08T16:15:27.917",
"references": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf"
}
],
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-07 19:15
Modified
2024-10-16 17:34
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Pre-Auth RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | freeflow_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "072201FD-78DD-43CF-BA65-B5DE67C0C28A",
"versionEndExcluding": "7.0.11",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pre-Auth RCE via Path Traversal"
},
{
"lang": "es",
"value": "RCE previa a la autorizaci\u00f3n mediante Path Traversal"
}
],
"id": "CVE-2024-47556",
"lastModified": "2024-10-16T17:34:45.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-07T19:15:10.057",
"references": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-07 19:15
Modified
2024-10-16 17:45
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | freeflow_core | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:freeflow_core:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7975358-F111-4176-8345-1B3EB86A3A25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated RCE via Path Traversal"
},
{
"lang": "es",
"value": "RCE autenticado mediante Path Traversal"
}
],
"id": "CVE-2024-47558",
"lastModified": "2024-10-16T17:45:43.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-07T19:15:10.473",
"references": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-07 19:15
Modified
2024-10-16 17:33
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Pre-Auth RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | freeflow_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "072201FD-78DD-43CF-BA65-B5DE67C0C28A",
"versionEndExcluding": "7.0.11",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pre-Auth RCE via Path Traversal"
},
{
"lang": "es",
"value": "RCE previa a la autorizaci\u00f3n mediante Path Traversal"
}
],
"id": "CVE-2024-47557",
"lastModified": "2024-10-16T17:33:56.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-07T19:15:10.260",
"references": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-47557 (GCVE-0-2024-47557)
Vulnerability from cvelistv5
Published
2024-10-07 18:17
Modified
2024-10-07 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Pre-Auth RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xerox | FreeFlow Core |
Version: 7.0.x < 7.0.11 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "freeflow_core",
"vendor": "xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T18:35:05.430466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:35:52.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FreeFlow Core",
"vendor": "Xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-01T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pre-Auth RCE via Path Traversal"
}
],
"value": "Pre-Auth RCE via Path Traversal"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:17:54.820Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pre-Auth RCE via Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-47557",
"datePublished": "2024-10-07T18:17:54.820Z",
"dateReserved": "2024-09-26T17:00:49.987Z",
"dateUpdated": "2024-10-07T18:35:52.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47559 (GCVE-0-2024-47559)
Vulnerability from cvelistv5
Published
2024-10-07 18:21
Modified
2024-10-07 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Authenticated RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xerox | FreeFlow Core |
Version: 7.0.x < 7.0.11 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "freeflow_core",
"vendor": "xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T18:35:27.802049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:35:37.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FreeFlow Core",
"vendor": "Xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-01T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated RCE via Path Traversal"
}
],
"value": "Authenticated RCE via Path Traversal"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:21:39.723Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated RCE via Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-47559",
"datePublished": "2024-10-07T18:21:39.723Z",
"dateReserved": "2024-09-26T17:00:49.987Z",
"dateUpdated": "2024-10-07T18:35:37.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47558 (GCVE-0-2024-47558)
Vulnerability from cvelistv5
Published
2024-10-07 18:19
Modified
2024-10-07 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Authenticated RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xerox | FreeFlow Core |
Version: 7.0.x < 7.0.11 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "freeflow_core",
"vendor": "xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T18:35:23.016402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:35:46.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FreeFlow Core",
"vendor": "Xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-01T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated RCE via Path Traversal"
}
],
"value": "Authenticated RCE via Path Traversal"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:19:52.030Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated RCE via Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-47558",
"datePublished": "2024-10-07T18:19:52.030Z",
"dateReserved": "2024-09-26T17:00:49.987Z",
"dateUpdated": "2024-10-07T18:35:46.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47556 (GCVE-0-2024-47556)
Vulnerability from cvelistv5
Published
2024-10-07 18:14
Modified
2024-10-07 18:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Pre-Auth RCE via Path Traversal
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xerox | FreeFlow Core |
Version: 7.0.x < 7.0.11 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "freeflow_core",
"vendor": "xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T18:35:00.275758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:36:00.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FreeFlow Core",
"vendor": "Xerox",
"versions": [
{
"lessThan": "7.0.11",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-01T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pre-Auth RCE via Path Traversal"
}
],
"value": "Pre-Auth RCE via Path Traversal"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:14:08.147Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pre-Auth RCE via Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-47556",
"datePublished": "2024-10-07T18:14:08.147Z",
"dateReserved": "2024-09-26T17:00:49.987Z",
"dateUpdated": "2024-10-07T18:36:00.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8356 (GCVE-0-2025-8356)
Vulnerability from cvelistv5
Published
2025-08-08 15:40
Modified
2025-08-19 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xerox | FreeFlow Core |
Version: 0 < 8.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T03:55:28.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "FreeFlow Core",
"vendor": "Xerox",
"versions": [
{
"lessThan": "8.0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-08T15:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.\u003c/p\u003e"
}
],
"value": "In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
},
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T15:42:40.647Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2025-8356",
"datePublished": "2025-08-08T15:40:12.588Z",
"dateReserved": "2025-07-30T13:54:05.676Z",
"dateUpdated": "2025-08-19T03:55:28.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8355 (GCVE-0-2025-8355)
Vulnerability from cvelistv5
Published
2025-08-08 15:31
Modified
2025-08-08 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xerox | FreeFlow Core |
Version: 0 < 8.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T16:02:33.856898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T16:02:42.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "FreeFlow Core",
"vendor": "Xerox",
"versions": [
{
"lessThan": "8.0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-08T15:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF)."
}
],
"value": "In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF)."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T15:43:07.165Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XXE leading to SSRF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2025-8355",
"datePublished": "2025-08-08T15:31:44.554Z",
"dateReserved": "2025-07-30T13:54:04.373Z",
"dateUpdated": "2025-08-08T16:02:42.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}