Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks

Xerox has released an urgent security update for its FreeFlow Core software, addressing two vulnerabilities that could allow attackers to execute code on the server remotely and to perform server-side request forgery (SSRF) attacks.

The vulnerabilities, tracked as CVE-2025-8355 and CVE-2025-8356, affect FreeFlow Core version 8.0.4 and should be patched immediately to prevent exploitation.

Security researchers at Horizon3.ai discovered the flaws and worked with Xerox to develop the fixes.

Key Takeaways
1. Xerox FreeFlow Core v8.0.4 has an XXE-to-SSRF vulnerability (CVE-2025-8355) and a path-traversal-to-RCE vulnerability (CVE-2025-8356).
2. Exploitation lets attackers reach internal systems behind the firewall, read sensitive data, and run code on the FreeFlow Core server.
3. Upgrade to FreeFlow Core 8.0.5 immediately.

SSRF and RCE Vulnerabilities 

The first vulnerability, CVE-2025-8355, is an XML External Entity (XXE) processing flaw that leads to Server-Side Request Forgery (SSRF).

This class of vulnerability arises when an application parses XML input without disabling external entity resolution. An attacker declares an entity whose SYSTEM identifier is a URI they control; when the document references that entity, the parser itself fetches the URI, so the request originates from the FreeFlow Core server rather than from the attacker.

Through SSRF, an attacker can reach internal resources that are only accessible from the server's network position, bypass firewall restrictions, and map the target's internal infrastructure; with a file:// identifier the same mechanism reads local files.
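The mechanism described above, as an added example that is not Xerox's or Horizon3.ai's code and is not derived from the FreeFlow Core flaw itself. It uses the Python standard library's SAX parser, whose "external general entities" feature is the switch that decides whether the parser opens the SYSTEM identifier named in the document. The element names, the secret file and its contents are constructed for the demonstration; an http:// or https:// SYSTEM identifier would make the server issue a network request through the same code path (the SSRF case).

```python
"""Added example (not Xerox/Horizon3.ai code): why an XML parser that resolves
external entities becomes a file-read / SSRF primitive, and the one setting
that closes it.  Standard library only (xml.sax on top of expat)."""
import io
import os
import tempfile
import xml.sax
import xml.sax.handler
from pathlib import Path


class _TextCollector(xml.sax.handler.ContentHandler):
    """Collects all character data the parser reports."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    def text(self) -> str:
        return "".join(self.chunks)


def parse_job_ticket(xml_bytes: bytes, resolve_external: bool) -> str:
    """Parse an XML document and return its character data.

    resolve_external=True mirrors a parser configured to fetch external
    general entities (the vulnerable configuration): expat hands the SYSTEM
    identifier to urllib, so file://, http:// and https:// targets are all
    opened from the server's own network position.  False (the stdlib
    default) leaves the entity reference unresolved, i.e. empty.
    """
    handler = _TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, resolve_external)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def xxe_payload(target_uri: str) -> bytes:
    """Build the classic XXE payload: declare an external entity whose SYSTEM
    id is attacker-chosen, then reference it inside an element.
    'ticket'/'name' are hypothetical element names, not a real schema."""
    doc = (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE ticket [<!ENTITY xxe SYSTEM "{target_uri}">]>\n'
        '<ticket><name>&xxe;</name></ticket>\n'
    )
    return doc.encode()


def demo() -> tuple:
    """Return (text_from_vulnerable_parser, text_from_hardened_parser)."""
    # Constructed stand-in for a sensitive file on the server.
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write("db_password=hunter2\n")
        secret_path = f.name
    try:
        payload = xxe_payload(Path(secret_path).as_uri())  # file:///... URI
        vulnerable = parse_job_ticket(payload, resolve_external=True)
        hardened = parse_job_ticket(payload, resolve_external=False)
    finally:
        os.unlink(secret_path)
    return vulnerable, hardened


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(safe))
```

The hardened variant is simply the parser with external entity resolution left off; in production also disable DTD processing entirely where the format does not need it, since parameter entities and DOCTYPE tricks give further variants of the same attack.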

The second and more severe vulnerability, CVE-2025-8356, is a path traversal weakness that can be escalated to Remote Code Execution (RCE).

Path traversal vulnerabilities let attackers reach files and directories outside the application's intended scope by supplying file paths containing special sequences such as "../", which the application passes to the filesystem without adequate validation.

When successfully exploited, such a flaw lets an attacker write a file to a location of their choosing on the server, from which arbitrary commands can be run, potentially giving them complete control over the affected system.
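An illustration of the traversal pattern and its fix, added here as example code that is not from FreeFlow Core and is not derived from the actual patch. The upload directory, the attacker-supplied names and the "uploads_evil" sibling directory are constructed for the demonstration. Beyond the plain "../" case in the text it also covers a URL-encoded traversal, an absolute path (which os.path.join silently accepts in place of the root), and a sibling-directory name that slips past the common "startswith" prefix check.

```python
"""Added example (not FreeFlow Core code): a naive upload-path handler that is
open to "../" traversal, the insufficient prefix check many codebases use,
and a hardened resolver based on realpath + commonpath."""
import os
import tempfile
from urllib.parse import unquote


def naive_upload_path(upload_root: str, client_name: str) -> str:
    """VULNERABLE: trusts the client-supplied name.  "../" segments escape
    upload_root, and an absolute name makes os.path.join discard the root
    entirely, so the file lands wherever the attacker chooses (a script or
    web-served directory is how traversal turns into code execution).
    Frameworks usually URL-decode the name before it gets here."""
    return os.path.join(upload_root, unquote(client_name))


def prefix_check(upload_root: str, client_name: str) -> bool:
    """INSUFFICIENT: normalises and compares with startswith.  A sibling
    directory such as .../uploads_evil shares the prefix and is accepted."""
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, unquote(client_name)))
    return candidate.startswith(root)


def safe_upload_path(upload_root: str, client_name: str) -> str:
    """Resolve the final destination and refuse anything outside upload_root.

    Decodes exactly once (so %2e%2e%2f is treated like ../, while a
    double-encoded %252e stays a harmless literal), rejects absolute names
    and NUL bytes, resolves symlinks and ".." with realpath, and then uses
    commonpath so that only paths strictly inside the root pass."""
    root = os.path.realpath(upload_root)
    name = unquote(client_name)
    if "\x00" in name or os.path.isabs(name):
        raise ValueError(f"rejected file name: {client_name!r}")
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes upload root: {client_name!r}")
    return candidate


def classify(upload_root: str, client_name: str) -> str:
    """'accepted' or 'rejected' according to the hardened resolver."""
    try:
        safe_upload_path(upload_root, client_name)
        return "accepted"
    except ValueError:
        return "rejected"


def demo() -> dict:
    """Run constructed attacker inputs through all three handlers.
    Returns {name: (naive_path_escapes_root, hardened_verdict, prefix_check)}."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.realpath(os.path.join(base, "uploads"))
        os.makedirs(root)
        os.makedirs(os.path.join(base, "uploads_evil"))  # sibling directory
        samples = [
            "job-1234.pdf",                  # legitimate
            "jobs/2025/job-1234.pdf",        # legitimate subdirectory
            "../../etc/cron.d/job",          # classic traversal
            "..%2F..%2Fetc%2Fcron.d%2Fjob",  # URL-encoded traversal
            "/etc/cron.d/job",               # absolute path replaces the root
            "../uploads_evil/shell.jsp",     # fools a startswith check
        ]
        for name in samples:
            naive = os.path.realpath(naive_upload_path(root, name))
            escapes = os.path.commonpath([root, naive]) != root
            results[name] = (escapes, classify(root, name), prefix_check(root, name))
    return results


if __name__ == "__main__":
    for name, (escapes, verdict, prefix_ok) in demo().items():
        print(f"{name:32} naive escapes={escapes!s:5} prefix_check={prefix_ok!s:5} hardened={verdict}")
```

Note that the hardened resolver validates the fully resolved path, not the raw string: string-level filtering of "../" is easy to bypass with encoding or with a sibling directory name, which is why the prefix check above accepts "../uploads_evil/shell.jsp".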

CVE             Title                                                               Severity
CVE-2025-8355   XML External Entity (XXE) leading to Server-Side Request Forgery    IMPORTANT
CVE-2025-8356   Path Traversal leading to Remote Code Execution (RCE)               IMPORTANT

Mitigations

Xerox issued a Security Bulletin on August 8, 2025, emphasizing the critical nature of these vulnerabilities and urging immediate remediation. 

The company has rated both vulnerabilities at an “IMPORTANT” severity level, indicating significant potential impact on affected systems. 

Organizations running FreeFlow Core in their print infrastructure face substantial risk while these vulnerabilities remain unpatched: successful exploitation gives an attacker code execution on the FreeFlow Core server and a foothold from which to reach internal systems that are otherwise shielded from the outside.

Jimi Sebree from Horizon3.ai collaborated with Xerox’s security team through responsible disclosure practices, ensuring that proper fixes were developed before public announcement. 

Xerox has released FreeFlow Core version 8.0.5 as the fixed release, which patches both CVE-2025-8355 and CVE-2025-8356.

Organizations should deploy this update immediately through official Xerox distribution channels and, until then, limit network exposure of the FreeFlow Core server.
