Xerox Corporation has issued an urgent security advisory regarding critical vulnerabilities in its FreeFlow Core software version 8.0.4. These flaws could allow malicious actors to perform server-side request forgery (SSRF) attacks and execute remote code on affected systems, posing a significant threat to organizations relying on this software.
The issues affect FreeFlow Core version 8.0.4 and were disclosed in the company's most recent security bulletin.
The first vulnerability, identified as CVE-2025-8355, is an XML External Entity (XXE) processing flaw: XML input is handled without proper validation, which lets an attacker trick the server into making unintended requests to internal or external resources.
CVE-2025-8356 — Path Traversal Vulnerability (Remote Code Execution)
The second, tracked as CVE-2025-8356, is a path traversal vulnerability. Also known as directory traversal, it allows attackers to manipulate file path parameters to access files outside the intended directory scope, which can expose sensitive configuration files or potentially lead to execution of arbitrary code on the system.
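The containment check that stops this class of flaw, shown as an added illustration; it is not Xerox's code and is not taken from the advisory. The directory layout, file names and function names are constructed for the example, which compares a common string-prefix check with one that resolves the path before comparing components.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Requested path resolves outside the allowed directory."""


def naive_is_allowed(base_dir, user_path):
    # Weak check: string prefix comparison after lexical normalisation.
    # A sibling directory sharing the prefix, or a symlink, slips through.
    full = os.path.normpath(os.path.join(base_dir, user_path))
    return full.startswith(os.path.normpath(base_dir))


def resolve_inside(base_dir, user_path):
    # Hardened check: resolve symlinks and ".." first, then require the
    # base directory to be an ancestor, compared component by component.
    base = Path(base_dir).resolve(strict=True)
    candidate = (base / user_path).resolve()
    if base not in candidate.parents:
        raise PathEscapeError(f"{user_path!r} escapes {base}")
    return candidate


def demo():
    # Constructed layout: an allowed "jobs" directory, a sibling
    # "jobs-archive" directory, and a symlink from jobs into the sibling.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "jobs")
        sibling = os.path.join(root, "jobs-archive")
        os.makedirs(base)
        os.makedirs(sibling)
        Path(base, "ticket.xml").write_text("<job/>")
        Path(sibling, "secret.cfg").write_text("constructed sample")
        os.symlink(sibling, os.path.join(base, "link"))
        for request in ("ticket.xml", "../jobs-archive/secret.cfg",
                        "link/secret.cfg", "/etc/hostname"):
            try:
                resolve_inside(base, request)
                hardened = True
            except PathEscapeError:
                hardened = False
            results[request] = (naive_is_allowed(base, request), hardened)
    return results


if __name__ == "__main__":
    for request, (naive, hardened) in demo().items():
        print(f"{request:30} naive={naive} hardened={hardened}")
```

The prefix check accepts both the sibling-directory request and the symlinked one, while the resolved, component-wise check rejects every request that lands outside the allowed directory.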
The combination of these vulnerabilities creates a dangerous attack surface:
Attackers could exploit these flaws to scan internal networks, access restricted services, exfiltrate sensitive data or execute malicious code to control systems. In enterprise environments, where FreeFlow Core may have access to internal networks and document repositories, the risk of data breaches and system compromise can increase dramatically.
Users of FreeFlow Core version 8.0.4 should immediately upgrade to version 8.0.5. The latest version addresses both vulnerabilities and is available through Xerox’s official support channels; visit the Xerox support page to find available downloads.
The security of enterprise printing and document management systems is crucial, especially when vulnerabilities threaten to expose sensitive information or allow system takeovers. Along with applying updates, organizations should review their deployment practices. Implementing proper network segmentation and access controls can provide an additional layer of defense, preventing potential attackers from exploiting these flaws.
Stay vigilant, keep your software up to date, and review your security practices regularly to maintain resilient IT systems.