Xerox has released an urgent security bulletin warning customers of two critical vulnerabilities in its FreeFlow Core software. These flaws, which could enable attackers to execute server-side request forgery (SSRF) and remote code execution (RCE) attacks, affect version 8.0.4 and have been classified as “IMPORTANT” severity. The company strongly urges all users to immediately update to the patched version, 8.0.5.
The first vulnerability, identified as CVE-2025-8355, is an XML External Entity (XXE) processing flaw that can lead to SSRF attacks. An attacker could craft malicious XML input to force the server to make unintended requests to internal or external resources. This could allow them to bypass firewalls and access internal systems that would otherwise be inaccessible, potentially exposing sensitive data or enabling network reconnaissance. For example, an attacker could trick the server into retrieving internal files or scanning for other vulnerable services on the network.
The second and more severe flaw, CVE-2025-8356, is a path traversal vulnerability that can lead to RCE. This type of attack allows a malicious actor to access files and directories outside of the intended scope by manipulating file path parameters. When successfully exploited, this can enable an attacker to upload and execute arbitrary code on the affected system, potentially leading to a complete system compromise. The combination of these two vulnerabilities is particularly dangerous, as an attacker could leverage the SSRF flaw to gain initial access and then use the path traversal to achieve full control.
Xerox’s security bulletin, XRX25-013, published on August 8, 2025, details these security risks. The vulnerabilities were discovered and responsibly disclosed by security researcher Jimi Sebree from Horizon3.ai, who worked with Xerox to develop and test the necessary mitigations.
The potential impact of these vulnerabilities on unpatched systems is significant, especially for enterprise environments that rely on FreeFlow Core for document and print management. A successful attack could result in unauthorized access to confidential documents, data exfiltration, and a complete system takeover. The company emphasizes that upgrading to FreeFlow Core version 8.0.5 is the only way to fully address both vulnerabilities.
