Xerox has issued a security update for a critical and a high-severity vulnerability in its FreeFlow Core product that researchers said could have allowed an attacker to remotely execute code.
Xerox FreeFlow Core is a print orchestration platform that automates prepress workflows, and it is often used by organizations with large print operations, including packaging companies, marketing operations, universities and government agencies.
Horizon3.ai, a San Francisco-based pentesting and red team specialist, recently discovered that the software contained two serious flaws: a critical path traversal vulnerability, tracked as CVE-2025-8356, with a CVSS score of 9.8, that could have allowed an attacker to gain remote code execution; and a second vulnerability, tracked as CVE-2025-8355, with a CVSS score of 7.5, that involved improper handling of XML input (an XML external entity, or XXE, injection) and could have led to server-side request forgery attacks.
Horizon3.ai researchers said they learned of the issue in June after one of the company’s customers reported unusual network activity.
The customer described what it thought were false positives: Horizon3.ai’s NodeZero security software was receiving alerts that an XML external entity injection was being exploited on one of the customer’s machines. After investigating the incident alongside the customer, Horizon3.ai traced the alerts to the two flaws in Xerox’s software.
“Xerox is aware of the recent remote code execution vulnerabilities (CVE-2025-8355 and CVE-2025-8356) and has made a software update available to our clients that mitigates the remote code execution vulnerabilities,” a Xerox spokesperson told Cybersecurity Dive. “We are actively monitoring for these situations to ensure swift resolution and remain committed to upholding strong security standards.”
Xerox’s Aug. 8 security bulletin urged customers to upgrade to FreeFlow Core version 8.0.5, which contains patches for the vulnerabilities.
“As these flaws are trivial to exploit, the recommended mitigation is to upgrade to a patched version as soon as possible,” said Jimi Sebree, security researcher at Horizon3.ai.
Printer vulnerabilities are often considered very serious because print infrastructure typically needs broad network access to other systems; a compromised print server can therefore become a pivot point for intrusions into those systems.
Sebree said customers with systems that cannot easily be patched should consider limiting network access to the JMF Client service, which listens on port 4004 by default.
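One way to apply that interim mitigation on the FreeFlow Core host, as an added example that is not from Xerox or Horizon3.ai: a PowerShell script that restricts inbound connections to the JMF Client port to an allow list of prepress clients. It assumes FreeFlow Core runs on Windows Server with Windows Defender Firewall in use, that the default port 4004 named above has not been changed, and that the allowed client addresses (10.20.30.0/24 and 10.20.31.15) are placeholders to replace with your own. It reduces exposure only; it does not fix the flaws, so the upgrade to 8.0.5 still applies.

```powershell
# Added example (not Xerox's or Horizon3.ai's code): scope inbound access to the
# FreeFlow Core JMF Client service to an allow list. Run as Administrator on the
# FreeFlow Core server.
# ASSUMPTION: hosts that legitimately submit JMF jobs are 10.20.30.0/24 and
# 10.20.31.15; substitute your own prepress clients.
$AllowedJmfClients = @('10.20.30.0/24', '10.20.31.15')
$JmfPort = 4004   # JMF Client default port named in the article

# 1. Windows Firewall lets an explicit Block rule override an Allow rule, so the
#    allow list is enforced by the profile's default inbound action (Block) rather
#    than by a catch-all Block rule, which would also block the allowed hosts.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. Disable any existing inbound Allow rule that opens the JMF port to every remote address.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$JmfPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -eq 'Any') {
            Write-Warning "Disabling unrestricted rule '$($_.DisplayName)'"
            Disable-NetFirewallRule -Name $_.Name
        }
    }

# 3. Add a scoped Allow rule for the listed clients only.
New-NetFirewallRule -DisplayName 'FreeFlow Core JMF Client (allow-listed hosts)' `
    -Direction Inbound -Protocol TCP -LocalPort $JmfPort `
    -RemoteAddress $AllowedJmfClients -Action Allow -Profile Any

# 4. Verify: every enabled inbound rule for the port should now carry a scoped RemoteAddress.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$JmfPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule   = $_.DisplayName
            Action = $_.Action
            Remote = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize
```

If JMF submissions arrive from more network segments than a host firewall allow list can express comfortably, the same restriction belongs on the network edge (a firewall or switch ACL in front of the server) instead; either way, confirm from an unlisted host that a connection to port 4004 is refused before treating the mitigation as in place.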
Editor’s note: Updates with comment from Xerox.