Xerox patches critical flaws in FreeFlow Core print software

Xerox has fixed two serious vulnerabilities in its FreeFlow Core platform that could allow unauthenticated, remote attackers to execute arbitrary code. Discovered by Horizon3, the flaws — an XXE injection and a path traversal issue — were shown to enable webshell deployment on vulnerable systems. FreeFlow Core is widely used in large-scale printing operations handling sensitive pre-publication data, making it an attractive target. Patches were released on August 8 in version 8.0.5, and users are urged to update immediately.

Read more:

https://www.securityweek.com/vulnerabilities-in-xerox-print-orchestration-product-allow-remote-code-execution/