
Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution

Xerox Corporation has released an urgent security bulletin addressing two critical vulnerabilities in its FreeFlow Core software, prompting immediate upgrade recommendations for enterprise users.

The vulnerabilities, designated as CVE-2025-8355 and CVE-2025-8356, were discovered through coordinated security research and could potentially allow unauthorized system access and remote code execution.

Critical Security Vulnerabilities Discovered

On August 8, 2025, Xerox published Security Bulletin XRX25-013, detailing significant security flaws affecting FreeFlow Core version 8.0.4.

The bulletin identifies two distinct attack vectors that security researchers have classified as “IMPORTANT” level threats, warranting immediate attention from system administrators and IT security teams.

CVE-2025-8355 represents an XML External Entity (XXE) vulnerability that can lead to Server-Side Request Forgery (SSRF) attacks.

This type of vulnerability allows malicious actors to manipulate XML parsers to access internal systems, potentially exposing sensitive data or enabling lateral movement within network infrastructures.

Meanwhile, CVE-2025-8356 involves a Path Traversal vulnerability that escalates to Remote Code Execution (RCE) capabilities, enabling attackers to execute arbitrary commands on affected systems.

Technical Analysis of Exploit Vectors

The XXE-to-SSRF vulnerability chain in CVE-2025-8355 exploits improper XML parsing mechanisms within FreeFlow Core’s document processing engine.

Attackers can craft malicious XML payloads containing external entity references that force the application to make unauthorized requests to internal network resources.

This technique bypasses traditional perimeter security controls and can expose internal services that should remain inaccessible from external networks.

The Path Traversal vulnerability (CVE-2025-8356) represents a more severe threat, as it provides a direct pathway to Remote Code Execution.

By manipulating file path parameters, attackers can traverse directory structures to access system files or upload malicious executables to critical system locations.

When combined with insufficient input validation, this class of vulnerability can lead to complete system compromise.

Immediate Mitigation and Upgrade Path

Xerox strongly recommends the immediate deployment of FreeFlow Core version 8.0.5, which contains comprehensive patches for both identified vulnerabilities.

The updated software package implements enhanced XML parsing security controls, strengthened input validation mechanisms, and improved file system access restrictions.

System administrators should prioritize this upgrade due to the potential for these vulnerabilities to be exploited in combination, creating a significant attack surface.

The security fixes address the root causes of both CVE-2025-8355 and CVE-2025-8356 through improved secure coding practices and additional runtime protection mechanisms.

Xerox has acknowledged the collaborative security research efforts of Jimi Sebree from Horizon3.ai, whose responsible disclosure enabled the development of these critical patches.

Organizations can download the updated software directly from Xerox.com’s official support portal, ensuring authentic and verified security updates for their FreeFlow Core installations.


The post Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution appeared first on Cyber Security News.
