Two serious vulnerabilities were patched recently by Xerox in its FreeFlow Core print orchestration platform.
According to pentesting company Horizon3, whose researchers discovered the flaws, FreeFlow Core is affected by an XXE injection flaw (CVE-2025-8355) and a path traversal issue (CVE-2025-8356).
The researchers discovered that the vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected FreeFlow Core instances.
https://www.securityweek.com/vulnerabil ... execution/