Post

Critical Xerox FreeFlow Core Vulnerabilities Patched: Path Traversal and XXE Flaws Enable Remote Code Execution

Xerox has patched two critical vulnerabilities, CVE-2025-8355 and CVE-2025-8356, in its FreeFlow Core platform. These flaws, including path traversal and XXE injection, allowed unauthenticated attackers to execute remote code. Learn about the risks, affected systems, and recommended actions.

Critical Xerox FreeFlow Core Vulnerabilities Patched: Path Traversal and XXE Flaws Enable Remote Code Execution

TL;DR

Xerox has addressed two critical vulnerabilities, CVE-2025-8355 (XXE Injection) and CVE-2025-8356 (Path Traversal), in its FreeFlow Core platform. These flaws enabled unauthenticated attackers to achieve remote code execution (RCE) on vulnerable systems. Users are strongly advised to upgrade to FreeFlow Core version 8.0.5 immediately to mitigate risks.


Introduction

Xerox, a global leader in print and digital document solutions, recently patched two severe vulnerabilities in its FreeFlow Core platform. The vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, posed significant risks, allowing unauthenticated attackers to execute arbitrary code remotely. FreeFlow Core is widely used by print service providers and in-house print operations to automate and streamline prepress tasks, making it a prime target for cybercriminals.


Details of the Vulnerabilities

1. CVE-2025-8355: XML External Entity (XXE) Injection

  • Nature of the Flaw: This vulnerability stemmed from improperly sanitized XML input in the JMF (Job Messaging Format) Client service of FreeFlow Core.
  • Impact: Attackers could exploit this flaw to perform Server-Side Request Forgery (SSRF) attacks, enabling them to access internal systems or sensitive data.
  • Severity: High, as it allows unauthenticated attackers to manipulate XML data and potentially gain unauthorized access.

2. CVE-2025-8356: Path Traversal Vulnerability

  • Nature of the Flaw: This vulnerability existed in the file-handling routines of FreeFlow Core.
  • Impact: Attackers could exploit it to place a webshell in a publicly accessible location on the server.
  • Severity: Critical, as it enables unauthenticated attackers to execute malicious payloads remotely.

Combined Exploitation Risk

When combined, these vulnerabilities created a perfect storm for attackers:

  1. Initial Access: Exploiting the XXE injection (CVE-2025-8355) to bypass security measures.
  2. Payload Delivery: Leveraging the path traversal flaw (CVE-2025-8356) to upload and execute a webshell.
  3. Remote Code Execution: Using the webshell to execute arbitrary commands on the vulnerable system.

According to cybersecurity firm Horizon3, which discovered the vulnerabilities:

“These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.” 1


Why FreeFlow Core Is a High-Value Target

FreeFlow Core is an attractive target for attackers due to several factors:

  • Sensitive Data: Print jobs often contain pre-publication marketing materials, making them valuable for corporate espionage or competitive intelligence.
  • Open Access Requirements: The platform requires relatively open network access to function effectively, increasing its exposure to attacks.
  • Critical Role in Operations: Disrupting FreeFlow Core could halt print operations, leading to financial and operational losses.

Xerox’s Response and Mitigation

Xerox has released FreeFlow Core version 8.0.5, which addresses both vulnerabilities. Users are strongly encouraged to upgrade immediately to protect their systems from potential exploitation.

  1. Upgrade Immediately: Install FreeFlow Core version 8.0.5 or later.
  2. Monitor Systems: Check for signs of unauthorized access or suspicious activity.
  3. Review Security Policies: Ensure that network access to FreeFlow Core is restricted to authorized personnel only.

Conclusion

The discovery and patching of CVE-2025-8355 and CVE-2025-8356 highlight the ongoing challenges in securing enterprise software. Organizations using Xerox FreeFlow Core must act swiftly to apply the patch and prevent potential breaches. As cyber threats continue to evolve, proactive measures such as regular updates, security audits, and employee training remain critical to safeguarding sensitive systems.

For further updates, follow @securityaffairs on Twitter, Facebook, and Mastodon.


Additional Resources

For more details, refer to:


References

  1. Horizon3 (2025). “From Support Ticket to Zero-Day: Xerox FreeFlow Core Vulnerabilities”. Horizon3.ai. Retrieved 2025-08-18. ↩︎

This post is licensed under CC BY 4.0 by the author.