Xerox Corporation has released a critical security bulletin addressing two high-severity vulnerabilities in its FreeFlow Core v8.0.4 software that could allow attackers to execute server-side request forgery (SSRF) and remote code execution (RCE) attacks, potentially compromising enterprise printing infrastructure.
Diagram illustrating the process of Remote Code Execution (RCE) attacks, showing how a malicious payload executes a reverse shell to give attackers control over a server.
The security vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, were discovered by cybersecurity researcher Jimi Sebree of Horizon3.ai and reported to Xerox through responsible disclosure.
Xerox has acknowledged the collaboration and released FreeFlow Core version 8.0.5 on August 8, 2025, to address these critical vulnerabilities that pose significant risks to organizations using the affected software.
The first vulnerability, CVE-2025-8355, involves an XML External Entity (XXE) injection vulnerability that enables server-side request forgery attacks.
This type of vulnerability allows malicious actors to manipulate XML processing within the application, potentially forcing the server to make unauthorized requests to internal systems or external resources.
The XXE-to-SSRF attack chain can expose sensitive internal network infrastructure and facilitate reconnaissance activities against protected systems.
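The defensive side of the XXE-to-SSRF chain described above is an XML entry point that never dereferences attacker-declared entities. The following is an added example written for this article, not code from Xerox or Horizon3.ai and not a description of how FreeFlow Core parses XML; it uses only the Python standard library's expat binding, and the sample documents (including the placeholder host `internal.example.invalid`) are constructed for the demonstration.

```python
"""Added example: a hardened XML parse that refuses DOCTYPE declarations and
external entity references, so an XXE payload cannot turn the server into an
SSRF proxy. Standard library only; not Xerox's or Horizon3.ai's code."""
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when a document tries to declare or dereference entities."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse *data* and return {"root": tag name, "text": character data}.

    Defences applied, in order:
      * any DOCTYPE (the only place entities can be declared) aborts the parse;
      * parameter-entity processing is disabled at the parser level;
      * an external entity reference raises instead of being fetched.
    """
    parser = expat.ParserCreate()
    result = {"root": None, "text": ""}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Job documents never need a DTD; refuse the whole document.
        raise UnsafeXMLError(f"DOCTYPE declaration for {name!r} not allowed")

    def on_external_entity(context, base, system_id, public_id):
        # Belt and braces: even if a DOCTYPE slipped through, never fetch.
        raise UnsafeXMLError(f"external entity {system_id!r} refused")

    def on_start(tag, attrs):
        if result["root"] is None:
            result["root"] = tag

    def on_chars(text):
        result["text"] += text

    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars

    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Covers undefined entities, truncated input and similar malformations.
        raise UnsafeXMLError(f"malformed XML: {exc}") from exc
    return result


# Constructed sample inputs (not taken from the advisory).
BENIGN_JOB = b'<?xml version="1.0"?><job><input>report.pdf</input></job>'
XXE_JOB = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE job [<!ENTITY xxe SYSTEM "http://internal.example.invalid/">]>'
    b"<job>&xxe;</job>"
)


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected' for a document, for logging or tests."""
    try:
        parse_untrusted_xml(data)
        return "accepted"
    except UnsafeXMLError:
        return "rejected"


if __name__ == "__main__":
    print("benign:", classify(BENIGN_JOB), parse_untrusted_xml(BENIGN_JOB))
    print("xxe   :", classify(XXE_JOB))
```

The DOCTYPE refusal is the control that matters: once no entity can be declared, the SSRF primitive disappears regardless of which URL schemes the underlying parser supports. The external-entity handler only exists so that a future parser setting cannot silently reopen the hole.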
Diagram showing how SSRF attacks redirect a user’s request through a web server to bypass firewalls and reach a victim server.
The second vulnerability, CVE-2025-8356, represents a path traversal weakness that escalates to remote code execution capabilities.
Path traversal attacks, also known as directory traversal, exploit insufficient input validation to access files and directories stored outside the intended application directory.
When successfully exploited, this vulnerability can grant attackers the ability to execute arbitrary code on the target system, potentially leading to complete system compromise.
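The missing check behind a path traversal bug is the one that confirms a user-supplied name still lands inside the directory the application meant to serve from. The example below is added here for illustration; it is not Xerox's code and makes no claim about where the FreeFlow Core defect actually lies. It canonicalises the candidate path (collapsing `..` and following symlinks) and compares it against the canonical base directory, which is the check that string-prefix tests and `..` filtering alone get wrong. The scenario in `demo()` is constructed in a temporary directory.

```python
"""Added example: confine a user-supplied relative path to a base directory.
Not Xerox's code; the job-directory layout below is constructed for the demo."""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the base directory."""


def resolve_inside(base_dir, user_path: str) -> Path:
    """Return the canonical path for *user_path* under *base_dir*, or raise."""
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    # Only relative names are acceptable; an absolute path is never a job file.
    if os.path.isabs(user_path) or Path(user_path).is_absolute():
        raise PathTraversalError(f"absolute path rejected: {user_path!r}")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses '..' segments and follows symlinks, so a link that
    # points outside the base is caught here as well as a literal '../'.
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def demo() -> dict:
    """Run a set of constructed requests against a throwaway job directory.

    Returns {request: 'allowed' | 'rejected'} so the outcome can be inspected.
    """
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "jobs"
        (base / "output").mkdir(parents=True)
        outside = Path(tmp) / "secrets.txt"
        outside.write_text("not for printing")
        requests = [
            "output/report.pdf",            # normal request
            "../secrets.txt",               # classic traversal
            "output/../../secrets.txt",     # traversal hidden behind a valid prefix
            "/etc/hosts",                   # absolute path
        ]
        try:
            (base / "link").symlink_to(outside)
            requests.append("link")         # symlink pointing outside the base
        except OSError:
            pass                            # symlinks unavailable on this platform
        for req in requests:
            try:
                resolve_inside(base, req)
                outcomes[req] = "allowed"
            except PathTraversalError:
                outcomes[req] = "rejected"
    return outcomes


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

Note that the containment check is applied to the resolved path, not the raw string: a request such as `output/../../secrets.txt` begins with a legitimate directory name and would pass a naive prefix check, and a symlink inside the base directory has no `..` in it at all.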
These vulnerabilities affect FreeFlow Core, Xerox’s workflow automation software designed for high-volume printing environments.
The software is commonly deployed in enterprise settings where it manages complex document processing workflows, making the security implications particularly concerning for organizations handling sensitive information.
The combination of SSRF and RCE vulnerabilities presents a severe threat to affected organizations.
The SSRF capability through XXE injection could allow attackers to probe internal network resources, access cloud metadata services, or interact with internal APIs that are typically protected from external access.
This reconnaissance capability often serves as a stepping stone for more sophisticated attacks.
The path traversal leading to remote code execution significantly amplifies the risk profile. Successful exploitation could result in unauthorized access to sensitive documents, installation of persistent malware, lateral movement within the network, or complete system takeover.
Organizations using FreeFlow Core in production environments face potential data breaches, operational disruptions, and compliance violations if these vulnerabilities remain unpatched.
Given the enterprise nature of FreeFlow Core deployments, the vulnerabilities could affect numerous high-value targets across various industries, including healthcare, finance, legal services, and government sectors where document processing systems handle confidential information.
Xerox strongly recommends that all organizations running FreeFlow Core version 8.0.4 immediately upgrade to version 8.0.5, which contains the necessary security fixes for both vulnerabilities.
The update is available through Xerox’s official website and should be treated as a priority security patch given the “IMPORTANT” severity rating assigned to these issues.
Organizations should implement proper network segmentation to limit potential impact, monitor FreeFlow Core systems for unusual activity, and review access controls to ensure only authorized personnel can interact with the software.
Additionally, administrators should verify that backup and recovery procedures are current in case emergency restoration becomes necessary during the patching process.
The collaboration between Horizon3.ai and Xerox demonstrates the value of responsible vulnerability disclosure in protecting enterprise systems from emerging threats.