Xerox address a critical flaw found in FreeFlow Core application, implementing necessary fixes
Xerox has recently addressed critical and high-severity vulnerabilities discovered in its print orchestration platform, Xerox FreeFlow Core. The vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, were found after a customer reported unusual network activity in June.
The more severe of the two vulnerabilities, CVE-2025-8356, has a CVSS score of 9.8 and allows remote code execution. This means that unauthenticated attackers could potentially execute arbitrary code remotely. The second vulnerability, CVE-2025-8355, has a CVSS score of 7.5 and involves improper handling of XML input, leading to server-side request forgery attacks.
Horizon3.ai, a cybersecurity firm, traced the issue to the two flaws in Xerox's software after investigating the incident alongside the customer.
Xerox has issued a software update to mitigate the remote code execution vulnerabilities and has released a security bulletin urging customers to upgrade to FreeFlow Core version 8.0.5. This update includes security patches that fix these critical flaws and prevent both server-side request forgery (SSRF) and remote code execution (RCE) attacks.
Specifically, CVE-2025-8355 is an XML External Entity (XXE) injection vulnerability that allows attackers to craft malicious XML input to exploit SSRF and potentially execute remote code. On the other hand, CVE-2025-8356 is a path traversal vulnerability that can be leveraged for remote code execution and unauthorized file uploads.
Xerox remains committed to upholding strong security standards and actively monitors for these situations to ensure swift resolution. However, due to the ease of exploitation of these vulnerabilities, organizations with FreeFlow Core installations, especially exposed or internet-facing ones, should apply these patches immediately to avoid compromise.
Jimi Sebree, a security researcher at Horizon3.ai, recommends upgrading to the patched version as soon as possible. Sebree also suggests limiting access to the JMF Client service listening on Port 4004 for systems that cannot easily be patched.
Printer vulnerabilities are considered very serious because printing components typically require open access to other systems, potentially exposing them to intrusions if compromised. Therefore, it is crucial for organizations to prioritize the security of their print orchestration platforms.
Read also:
- Cyber Attack Nets $14 Million from WOO X Across Four Different Blockchains
- Nigerian Securities and Exchange Commission (SEC) teams up with Chainalysis to combat cryptocurrency fraud activities
- International marketing firm We Are Social intensifies global strategy for gaming industry
- Server Hazards: Top 4 Pests Imperiling Your Data Center and Preventive Measures
