Xerox has issued security updates for its FreeFlow Core software to fix critical vulnerabilities that could lead to SSRF and remote code execution. These flaws, CVE-2025-8355 and CVE-2025-8356, pose serious risks to enterprise systems, requiring immediate action.
Key points
- Xerox released security patches addressing two critical vulnerabilities in FreeFlow Core version 8.0.4.
- The vulnerabilities include an XML External Entity (XXE) flaw that enables server-side request forgery (SSRF).
- The second flaw is a path traversal vulnerability that can lead to remote code execution.
- Security researcher Jimi Sebree collaborated with Xerox to identify and mitigate these issues.
- Organizations are urged to upgrade to version 8.0.5 immediately and review their network security measures.
Read More: https://gbhackers.com/xerox-freeflow-flaws/