
Xerox patches critical vulnerability in FreeFlow Core application

Threat Score: 67 | 5 articles | 100.0% similarity | 4 days ago

Article Timeline: five articles, published Aug 11 (three), Aug 13 and Aug 14.

Key Insights

1. Xerox FreeFlow Core 8.0.4 carries two vulnerabilities, CVE-2025-8355 and CVE-2025-8356, which respectively give an unauthenticated remote attacker server-side request forgery (SSRF) and remote code execution on the server.
2. Both were found by Horizon3.ai, which began investigating after noticing unusual behavior in a customer environment.
3. CVE-2025-8355 is an XML External Entity (XXE) processing flaw whose practical impact is SSRF; CVE-2025-8356 is a path traversal flaw that leads to remote code execution.
4. Xerox rates both as 'IMPORTANT' (much of the press coverage calls them critical) and fixed them in FreeFlow Core 8.0.5; the remediation is to upgrade.
5. Security Bulletin XRX25-013, published August 8, 2025, is the authoritative description of the issues and of the upgrade steps.
6. Proof-of-concept exploits are publicly available, so exposed 8.0.4 installations should be treated as at immediate risk of exploitation.

Threat Overview

Xerox Corporation has issued urgent security updates for its FreeFlow Core print orchestration software following the discovery of two vulnerabilities that expose enterprise environments to serious risk. Tracked as CVE-2025-8355 and CVE-2025-8356, they allow unauthenticated remote attackers to conduct server-side request forgery (SSRF) and to execute arbitrary code on affected systems. According to Horizon3.ai, the flaws were identified after unusual behavior was detected in a customer environment, which prompted the deeper investigation that uncovered them. 'Thank you to Jimi Sebree with Horizon3.ai for working with the Xerox Team to identify and mitigate these vulnerabilities,' Xerox stated in its communications.

The vulnerabilities affect FreeFlow Core version 8.0.4 and were disclosed in Security Bulletin XRX25-013 on August 8, 2025. Xerox rates them 'IMPORTANT' and urges users to upgrade to version 8.0.5, which contains the fixes. The first, CVE-2025-8355, is an XML External Entity (XXE) processing flaw: the application accepts XML from unauthenticated clients and passes it to a parser that honours DOCTYPE entity declarations, so an attacker can declare an external entity whose system identifier is a URL of their choosing. When the parser expands that entity it performs the request itself, from the server's own network position. That is the SSRF: internal services the attacker cannot reach directly, as well as external targets, receive requests that originate from the FreeFlow Core host.
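The mechanism described above, as an added example that is not code from Xerox, Horizon3.ai or the FreeFlow Core product (the sources do not say which XML parser or language it uses): a Python expat-based consumer that resolves external entities by fetching them, the same consumer with DOCTYPE refused, and a constructed XXE payload run through both. The internal URL, the fake fetch function and the job XML are constructed stand-ins, not anything taken from the advisory or the proof of concept.

```python
"""XXE turning into SSRF, and the parser setting that stops it.

Added example, not code from Xerox, Horizon3.ai or FreeFlow Core. The
'internal service', its URL and the job XML are constructed stand-ins.
"""
import xml.parsers.expat as expat

# Constructed stand-in for an internal HTTP service that only the server can
# reach. An SSRF lets the attacker borrow the server's network position.
FAKE_INTERNAL_SERVICES = {
    "http://internal-admin.example.local/status": "admin-console: up, build 8.0.4",
}
FETCH_LOG = []  # every URL the parser was coerced into requesting


def fake_http_get(url):
    """Stand-in for urllib.request.urlopen(url).read(); records each request."""
    FETCH_LOG.append(url)
    if url not in FAKE_INTERNAL_SERVICES:
        raise ConnectionError("unreachable: " + url)
    return FAKE_INTERNAL_SERVICES[url].encode()


# Constructed attacker input: a DOCTYPE declaring an external general entity
# whose system identifier is an internal URL, then a reference to it.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE job [
  <!ENTITY probe SYSTEM "http://internal-admin.example.local/status">
]>
<job><name>&probe;</name></job>"""

BENIGN_JOB = b'<?xml version="1.0"?><job><name>invoice-run-42</name></job>'


def parse_vulnerable(data):
    """The bug: honour the DTD and fetch whatever URI an external entity names.

    Returns the character data the parser assembled; for XXE_PAYLOAD that is
    the body of the internal service's response, fetched by the server.
    """
    text = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = text.append

    def resolve(context, base, system_id, public_id):
        body = fake_http_get(system_id)             # the SSRF happens here
        sub = parser.ExternalEntityParserCreate(context)
        sub.CharacterDataHandler = text.append      # response lands in the document
        sub.Parse(body, True)
        return 1                                    # 1 = keep parsing

    parser.ExternalEntityRefHandler = resolve
    parser.Parse(data, True)
    return "".join(text)


def parse_hardened(data):
    """The fix: refuse any DOCTYPE, so no entity can be declared at all, and
    refuse external entity references as a second line of defence.
    Raises ValueError on a DOCTYPE, expat.ExpatError on an external entity."""
    text = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = text.append

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise ValueError("DOCTYPE is not accepted in job XML")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = lambda *_: 0  # 0 = abort the parse
    parser.Parse(data, True)
    return "".join(text)


def hardened_accepts(data):
    """True if the hardened parser accepts the document, False if it refuses."""
    try:
        parse_hardened(data)
    except (ValueError, expat.ExpatError):
        return False
    return True


if __name__ == "__main__":
    print("vulnerable:", repr(parse_vulnerable(XXE_PAYLOAD)), "fetched:", FETCH_LOG)
    print("hardened accepts payload:", hardened_accepts(XXE_PAYLOAD))
    print("hardened accepts benign:", hardened_accepts(BENIGN_JOB))
```

The handler is the whole difference: the vulnerable parser treats the DTD as instructions, the hardened one treats its presence as a reason to reject the document before any entity is declared. For Java-based XML consumers the corresponding control is the `http://apache.org/xml/features/disallow-doctype-decl` feature on the parser factory; the sources do not say which parser FreeFlow Core uses, so this is general guidance, not a description of the fix Xerox shipped in 8.0.5.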

The second, CVE-2025-8356, is a path traversal flaw that can lead to remote code execution. The application builds a filesystem path from client-controlled input without confining it to the directory it is meant to stay in, so sequences such as ../ let an attacker reach files and directories outside the intended scope; once that reach extends to a location whose contents the server will execute, the result is arbitrary code execution on the host. The implications are significant for organizations that rely on FreeFlow Core for large-scale printing operations.
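The traversal pattern described above, as an added example that is not FreeFlow Core code and does not reproduce the public proof of concept: a Python routine that builds a path the unsafe way, the containment check that closes the hole, and a detector that runs the same normaliser over a few constructed request-log lines. The job directory, file names, client addresses and log format are all constructed for illustration.

```python
"""Path traversal: the unsafe join, the containment check, and a detector
that reuses the same normaliser.

Added example, not FreeFlow Core code and not the public proof of concept.
JOB_ROOT, the file names, the client addresses and the log lines are all
constructed. posixpath is used explicitly so behaviour is identical on
every platform, including Windows hosts.
"""
import posixpath
from urllib.parse import unquote

JOB_ROOT = "/srv/app/jobs"   # constructed: the directory uploads must stay in


def unsafe_resolve(user_path):
    """The bug: join the client-supplied name onto the root and trust the result.
    '..' segments walk out of JOB_ROOT, and an absolute user_path makes
    posixpath.join discard JOB_ROOT altogether."""
    return posixpath.normpath(posixpath.join(JOB_ROOT, user_path))


def canonical_relative(user_path):
    """Fold the spellings a client can use for '..': one round of
    percent-decoding (%2e%2e%2f) and backslashes treated as separators."""
    return unquote(user_path).replace("\\", "/")


def safe_resolve(user_path):
    """Return the resolved absolute path if it lies strictly inside JOB_ROOT,
    otherwise None. The check is lexical (normpath + commonpath), so it
    catches '..' escapes; the absolute-path case is rejected before the join
    because join would silently replace the root."""
    rel = canonical_relative(user_path)
    if rel.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(JOB_ROOT, rel))
    if candidate == JOB_ROOT:
        return None           # '.' or '' is not a file inside the root
    if posixpath.commonpath([JOB_ROOT, candidate]) != JOB_ROOT:
        return None
    return candidate


def is_traversal_attempt(user_path):
    return safe_resolve(user_path) is None


# Constructed request-log lines: client, quoted request line, status.
SAMPLE_LOG = [
    '203.0.113.7 "PUT /jobs/job-1024/output.pdf" 201',
    '203.0.113.7 "PUT /jobs/..%2F..%2F..%2Foutside/evil.bin" 201',
    '198.51.100.9 "GET /jobs/job-77/..\\..\\..\\outside/cfg" 404',
    '203.0.113.7 "PUT /jobs//etc/outside" 500',
    '192.0.2.4 "GET /status" 200',
]


def flag_traversal_requests(lines):
    """Return (client, raw_path) for each /jobs/ request whose remainder would
    escape JOB_ROOT. Using the enforcement routine as the detector means the
    two cannot drift apart when a new encoding trick is added."""
    hits = []
    for line in lines:
        client, rest = line.split(" ", 1)
        path = rest.split('"')[1].split(" ", 1)[1]
        if not path.startswith("/jobs/"):
            continue
        if is_traversal_attempt(path[len("/jobs/"):]):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    print("unsafe:", unsafe_resolve("../../../outside/evil.bin"))
    print("safe:", safe_resolve("../../../outside/evil.bin"))
    for client, path in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt from", client, "->", path)
```

Two details matter in practice. A plain string-prefix check (`candidate.startswith(JOB_ROOT)`) is not enough, because `/srv/app/jobs-other/x` passes it; `commonpath` compares whole path components. And a 201 in the log does not mean the write was harmless: the second sample line shows a traversal that the vulnerable server accepted, which is exactly the line a responder should be hunting for in historical logs of an 8.0.4 installation.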

Xerox has emphasized the urgency of applying the update, and the security community has echoed that: publicly available proof-of-concept exploits substantially lower the bar for attackers. 'Organizations should prioritize patching these vulnerabilities to protect their systems,' advised a cybersecurity analyst. Users of FreeFlow Core 8.0.4 should upgrade to 8.0.5 immediately.

Beyond this incident, the case illustrates two routine practices: applying vendor patches promptly, and monitoring for unusual system behavior, which is what led to the discovery here. As the security bulletin puts it, 'Failure to apply the updates may result in severe security breaches.'

Tactics, Techniques & Procedures (TTPs)

T1190
Exploit Public-Facing Application - Both flaws are reached over the network by unauthenticated clients: crafted XML for the XXE, crafted file paths for the traversal [1][3].
T1059.001
Command and Scripting Interpreter: PowerShell - The path traversal flaw can lead to command execution on the host. The PowerShell sub-technique is the cluster's own mapping; the sources do not name the interpreter reached [3][5].
T1071.001
Application Layer Protocol: Web Protocols - The SSRF in CVE-2025-8355 is triggered by HTTP requests carrying the crafted XML, and the forged requests the server then makes are themselves web requests [4][5].
T1046
Network Service Discovery (formerly Network Service Scanning) - Through the SSRF an attacker can probe internal hosts and ports from the server's network position [2][4].
T1557
Adversary-in-the-Middle - Mapped on the basis that SSRF lets the attacker originate requests to internal resources; note that SSRF by itself does not intercept traffic between other parties [2][3].
T1003
OS Credential Dumping - Post-exploitation, code execution on the host can expose files that contain credentials [5].
T1556
Modify Authentication Process - With code execution on the host an attacker could tamper with how the application authenticates users; the sources support only that RCE may grant access to sensitive configuration or authentication data [5].

Timeline of Events

2025-08-08
Xerox publishes Security Bulletin XRX25-013, which details CVE-2025-8355 and CVE-2025-8356 and directs users to FreeFlow Core 8.0.5 [3].
2025-08-11
Horizon3.ai announces the discovery of the vulnerabilities, which began with unusual behavior in a customer environment [2].
2025-08-13
Coverage reiterates Xerox's guidance to upgrade to version 8.0.5; the fix itself dates from the August 8 bulletin [4].
2025-08-14
Proof-of-concept exploits are reported to be publicly available, raising concerns about exploitation in the wild [1].
Ongoing
Organizations apply the update and monitor for signs of exploitation [5].

Source Citations

Expert quotes: Xerox statements (Article 3); cybersecurity analyst comments (Article 4)
Primary findings: patching and remediation recommendations (Articles 2, 4, 5); vulnerability details and CVE information (Articles 1, 3)
Technical details: attack methods and impact analysis (Articles 1, 2, 4, 5)
Powered by ThreatCluster AI
Generated 1 day ago
AI analysis may contain inaccuracies

Related Articles

1. Xerox patches critical vulnerability in FreeFlow Core application
Cybersecurity Dive • 2 days ago • score 61 • 100.0% similarity
Researchers at Horizon3.ai discovered the flaw after flagging unusual behavior in a customer environment.

2. Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution
GB Hackers • 5 days ago • score 54 • 97.0% similarity
Xerox Corporation has released critical security updates for its FreeFlow Core software, addressing two significant vulnerabilities that could allow attackers to perform server-side request forgery (SSRF) attacks and achieve remote code execution on affected systems. The security flaws, identified as CVE-2025-8355 and CVE-2025-8356, affect FreeFlow Core version 8.0.4 and have been classified as "IMPORTANT" severity vulnerabilities in Secur

3. Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public
GB Hackers • 2 days ago • score 54 • 100.0% similarity
Security researchers have disclosed critical vulnerabilities in Xerox FreeFlow Core that enable unauthenticated remote attackers to execute arbitrary code on vulnerable systems. The proof-of-concept exploits are now publicly available, raising immediate concerns for organizations using the popular print orchestration platform. Critical Vulnerabilities Discovered: Cybersecurity firm Horizon3.ai discovered two severe vulner

4. CVE-2025-8355 & CVE-2025-8356: Xerox Issues Urgent Fixes for SSRF and RCE Bugs
The Cyber Express • 4 days ago • score 48 • 100.0% similarity
Xerox Corporation has issued urgent security updates addressing two high-impact vulnerabilities in its FreeFlow Core software. The flaws, now tracked as CVE-2025-8355 and CVE-2025-8356, have the potential to expose enterprise environments to server-side request forgery (SSRF) and remote code execution (RCE) attacks if left unpatched. Disclosed in Security Bulletin XRX25-013, published on August 8, 2025, the vulnerabilities specifically impact FreeFlow Core version 8.0.4. Xerox has categorized b

5. Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks
Cybersecurity News • 4 days ago • score 46 • 97.0% similarity
An urgent security update has been released for Xerox FreeFlow Core software, addressing two critical vulnerabilities that could allow attackers to execute remote code and perform server-side request forgery attacks. The vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, affect FreeFlow Core version 8.0.4 and require immediate patching to prevent potential exploitation. Security researchers at Horizon3.ai discovered […]


Cluster Intelligence

Key entities and indicators for this cluster

MITRE ATT&CK
T1059.001
T1046
T1190
T1003
T1557
ATTACK TYPES
Remote Code Execution
Server-Side Request Forgery
VULNERABILITIES
XML External Entity Injection
Remote Code Execution
Path Traversal
Server-Side Request Forgery
PLATFORMS
FreeFlow Core
Xerox FreeFlow Core
INDUSTRIES
Commercial Printing
Government
Information Technology
Enterprise Software
COMPANIES
Horizon3.ai
Xerox
Xerox Corporation
CVES
CVE-2025-8355
CVE-2025-8356
CLUSTER INFORMATION
Cluster #1837
Created 4 days ago
Semantic Algorithm
