Xerox Urges FreeFlow Core Users to Upgrade to Patch Severe Vulnerabilities
Xerox has released a critical update for its FreeFlow Core print automation platform. Users are urged to upgrade to version 8.0.5 as soon as possible to patch two severe vulnerabilities, CVE-2025-8355 and CVE-2025-8356.
The XXE injection vulnerability (CVE-2025-8355) enables SSRF attacks, while the path traversal flaw (CVE-2025-8356) allows attackers to place a webshell in a publicly accessible location. Combined, these issues enable remote attackers to execute malicious payloads through JMF commands and web portals, leading to unauthenticated remote code execution.
Xerox has addressed these vulnerabilities in FreeFlow Core version 8.0.5. Users are advised to install the latest security updates and patches, regardless of these specific CVEs, to maintain the system's security.
Xerox has patched two serious flaws in FreeFlow Core: path traversal (CVE-2025-8356) and XXE injection (CVE-2025-8355). Users should upgrade to version 8.0.5 to protect against remote code execution attacks. For the most accurate and up-to-date information, users should contact the Xerox Security Response Center.
