=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN504
_____________________________________________________________________

DATE                : 12/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Xerox® FreeFlow® Core versions
                     prior to 8.0.5.

=====================================================================
https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf
_____________________________________________________________________

Security Bulletin XRX25-013
CVE-2025-8355, CVE-2025-8356
Xerox® FreeFlow® Core v8.0.5
Bulletin Date: August 8, 2025


Purpose
This Bulletin is intended ONLY for the specific software identified
for security issues which have been rated at a level of
IMPORTANT or higher.


Description
This release includes security fixes for FreeFlow Core version
8.0.4 to mitigate CVE-2025-8355 (XXE leading to SSRF) and
CVE-2025-8356 (Path Traversal leading to RCE) vulnerabilities.

Thank you to Jimi Sebree with Horizon3.ai for working with the
Xerox Team to identify and mitigate these vulnerabilities.


Mitigation
Please consider upgrading to FreeFlow Core version 8.0.5 via
the software available on Xerox.com.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
