Xerox has released a critical security update for its FreeFlow Core prepress automation platform after Horizon3.ai uncovered two severe vulnerabilities that could allow remote code execution. The flaws—CVE-2025-8356, a path traversal bug rated 9.8 on the CVSS scale, and CVE-2025-8355, an XML input handling issue rated 7.5—were discovered following unusual network activity reported by a Horizon3.ai customer. Investigators traced the activity to the software, confirming the risk of exploitation.
“Xerox is aware of the recent remote code execution vulnerabilities…and has made a software update available to our clients that mitigates” the risks, the company stated, urging immediate upgrades to version 8.0.5. Horizon3.ai researcher Jimi Sebree warned that “these flaws are trivial to exploit,” advising that unpatched systems should at least restrict access to the JMF Client service on port 4004. With print servers often deeply integrated into enterprise networks, the vulnerabilities posed a significant exposure for industries relying on FreeFlow Core for large-scale print and packaging operations.