Critical Xerox FreeFlow Core Vulnerabilities Patched: Path Traversal and XXE Flaws Enable Remote Code Execution
Xerox has patched two critical vulnerabilities, CVE-2025-8355 and CVE-2025-8356, in its FreeFlow Core platform. These flaws, including path traversal and XXE injection, allowed unauthenticated attackers to execute remote code. Learn about the risks, affected systems, and recommended actions.
TL;DR
Xerox has addressed two critical vulnerabilities, CVE-2025-8355 (XXE Injection) and CVE-2025-8356 (Path Traversal), in its FreeFlow Core platform. These flaws enabled unauthenticated attackers to achieve remote code execution (RCE) on vulnerable systems. Users are strongly advised to upgrade to FreeFlow Core version 8.0.5 immediately to mitigate risks.
Introduction
Xerox, a global leader in print and digital document solutions, recently patched two severe vulnerabilities in its FreeFlow Core platform. The vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, posed significant risks, allowing unauthenticated attackers to execute arbitrary code remotely. FreeFlow Core is widely used by print service providers and in-house print operations to automate and streamline prepress tasks, making it a prime target for cybercriminals.
Details of the Vulnerabilities
1. CVE-2025-8355: XML External Entity (XXE) Injection
- Nature of the Flaw: This vulnerability stemmed from improperly sanitized XML input in the JMF (Job Messaging Format) Client service of FreeFlow Core.
- Impact: Attackers could exploit this flaw to perform Server-Side Request Forgery (SSRF) attacks, enabling them to access internal systems or sensitive data.
- Severity: High, as it allows unauthenticated attackers to manipulate XML data and potentially gain unauthorized access.
2. CVE-2025-8356: Path Traversal Vulnerability
- Nature of the Flaw: This vulnerability existed in the file-handling routines of FreeFlow Core.
- Impact: Attackers could exploit it to place a webshell in a publicly accessible location on the server.
- Severity: Critical, as it enables unauthenticated attackers to execute malicious payloads remotely.
Combined Exploitation Risk
When combined, these vulnerabilities created a perfect storm for attackers:
- Initial Access: Exploiting the XXE injection (CVE-2025-8355) to bypass security measures.
- Payload Delivery: Leveraging the path traversal flaw (CVE-2025-8356) to upload and execute a webshell.
- Remote Code Execution: Using the webshell to execute arbitrary commands on the vulnerable system.
According to cybersecurity firm Horizon3, which discovered the vulnerabilities:
“These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.” 1
Why FreeFlow Core Is a High-Value Target
FreeFlow Core is an attractive target for attackers due to several factors:
- Sensitive Data: Print jobs often contain pre-publication marketing materials, making them valuable for corporate espionage or competitive intelligence.
- Open Access Requirements: The platform requires relatively open network access to function effectively, increasing its exposure to attacks.
- Critical Role in Operations: Disrupting FreeFlow Core could halt print operations, leading to financial and operational losses.
Xerox’s Response and Mitigation
Xerox has released FreeFlow Core version 8.0.5, which addresses both vulnerabilities. Users are strongly encouraged to upgrade immediately to protect their systems from potential exploitation.
Recommended Actions
- Upgrade Immediately: Install FreeFlow Core version 8.0.5 or later.
- Monitor Systems: Check for signs of unauthorized access or suspicious activity.
- Review Security Policies: Ensure that network access to FreeFlow Core is restricted to authorized personnel only.
Conclusion
The discovery and patching of CVE-2025-8355 and CVE-2025-8356 highlight the ongoing challenges in securing enterprise software. Organizations using Xerox FreeFlow Core must act swiftly to apply the patch and prevent potential breaches. As cyber threats continue to evolve, proactive measures such as regular updates, security audits, and employee training remain critical to safeguarding sensitive systems.
For further updates, follow @securityaffairs on Twitter, Facebook, and Mastodon.
Additional Resources
For more details, refer to:
- Xerox FreeFlow Core Official Page
- Horizon3 Attack Research Report
- NVD Entry for CVE-2025-8355
- NVD Entry for CVE-2025-8356
References
-
Horizon3 (2025). “From Support Ticket to Zero-Day: Xerox FreeFlow Core Vulnerabilities”. Horizon3.ai. Retrieved 2025-08-18. ↩︎