Xerox’s FreeFlow Core Flaws: Printing a Path for Hackers or Just a Bad Paper Jam?
Xerox’s FreeFlow Core print orchestration platform has patched two vulnerabilities. The flaws, discovered by Horizon3 researchers, include an XXE injection and path traversal issue, both allowing remote code execution. These issues underscore the importance of keeping FreeFlow Core updated, especially for organizations with large-scale printing operations.
Hot Take:
Xerox’s FreeFlow Core may not have been flowing so freely after all! With vulnerabilities that could make your head spin faster than a Xerox machine on overdrive, it’s a wonder the entire printing world didn’t come crashing down in a paper jam of chaos. But fear not, because Xerox has hit the print button on some much-needed patches, ensuring that your confidential documents stay under wraps and not on the hacker’s display shelf!
Key Points:
- Xerox has patched two major vulnerabilities in its FreeFlow Core print orchestration platform.
- The flaws include an XXE injection flaw (CVE-2025-8355) and a path traversal issue (CVE-2025-8356).
- Exploits could allow remote, unauthenticated attackers to execute arbitrary code.
- Vulnerabilities were reported in June and patched by August 8 in version 8.0.5.
- Earlier vulnerabilities were found in Xerox VersaLink printers, underscoring the need for vigilance.