Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution

Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core. 

Xerox vulnerabilities

Two serious vulnerabilities were patched recently by Xerox in its FreeFlow Core print orchestration platform. 

According to pentesting company Horizon3, whose researchers discovered the flaws, FreeFlow Core is affected by an XXE injection flaw (CVE-2025-8355) and a path traversal issue (CVE-2025-8356).

The researchers discovered that the vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected FreeFlow Core instances.

The potential impact has been demonstrated with an exploit that placed a webshell on the targeted system.

FreeFlow Core is designed for prepress automation workflows and it’s typically used by organizations with large-scale printing operations, including universities, packaging and marketing firms, and even government agencies, according to Horizon3. 

“Given the nature of the product, FreeFlow Core installations have a lot of moving parts and require relatively open access and availability, which combined with the fact that print jobs of this kind generally contain pre-public information around marketing campaigns makes this an ideal target for attackers,” the security firm warned.

Advertisement. Scroll to continue reading.

The vulnerabilities were reported to Xerox in June and they were patched on August 8, when the vendor published an advisory to inform customers about the availability of patches. Fixes are included in FreeFlow Core version 8.0.5.

Earlier this year, researchers disclosed vulnerabilities in Xerox VersaLink multifunction printers that could allow attackers to retrieve authentication credentials, which could then be used for lateral movement.

Related: New Vulnerabilities Expose Millions of Brother Printers to Hacking

Related: Printer Company Procolored Served Infected Software for Months

Related: Critical Vulnerability Found in Canon Printer Drivers

Related: Fortinet, Ivanti Release August 2025 Security Patches

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.