Xerox Unveils April 2025 Security Patch for FreeFlow Print Server v2

Xerox has released a comprehensive security patch update for its FreeFlow Print Server v2 platform running on Windows 10, addressing a wide range of vulnerabilities and reinforcing the cybersecurity posture of its production printing solutions.

The update, delivered in April 2025 and officially announced on May 12, is part of Xerox’s ongoing quarterly patch cycle and is designed to protect customers operating high-end digital presses, including the iGen 5 Press, Baltoro HF Production Inkjet Press, and Brenva HD Production Inkjet Press.

Key Components of the Security Patch

The April 2025 update includes several critical software and security enhancements:

• OpenJDK Java 8 Update 452-b08 (superseding Update 442-b06)
• Firefox 137.0.2 (superseding Firefox 134.0.1)
• Apache HTTP 2.4.63
• Apache Tomcat 6.0.45
• OpenSSL 3.4.0
• OpenSSH 9.9p1

The update also incorporates the latest Microsoft security patches for Windows 10, addressing numerous Common Vulnerabilities and Exposures (CVEs) identified by the US-CERT advisory council. Notable CVEs remediated include CVE-2025-21191, CVE-2025-26641, CVE-2025-27477, and CVE-2025-29809, among many others. The update further addresses vulnerabilities in Java (CVE-2025-21587, CVE-2025-30691, CVE-2025-30698), Firefox (CVE-2025-3608), and OpenSSL (CVE-2024-9143, CVE-2024-12797, CVE-2024-13176).

Enhanced Security Measures and Noteworthy Caveats

Xerox’s security bulletin highlights several important changes and caveats introduced by the April 2025 patch:

• SFTP Connectivity: After the update, SFTP connections to Xerox color presses will fail if weak encryption algorithms are used.
• Only applications supporting SHA2 hash and AES 512-bit encryption will successfully connect. The Xear Flex application has been updated to comply with these stronger encryption requirements, but users must ensure their security profile is set to “High” for successful SFTP connections.
• The “Low” security profile will not work
• Peripheral Access: Setting the security profile to “High” does not restrict access to platform peripherals such as DVD or USB media, which may be a consideration for highly secure environments.

Installation Options and Recommendations

Customers can install the patch update via several methods:

• USB/DVD Media: Xerox provides the update as a ZIP archive or ISO file, along with an installation script.
• This method is preferred by customers with strict security requirements, such as government agencies, as it allows for pre-installation virus scanning of the media.
• Windows Update: The update can also be installed directly through Microsoft’s Windows Update service. However, Xerox cautions that these patches have not been tested specifically on FreeFlow Print Server platforms and recommends performing system backups before installation.
• Network Delivery: The FreeFlow Print Server Update Manager offers another installation route, providing convenience for customers comfortable with network-based updates.

Regardless of the method, Xerox advises customers to evaluate their security needs regularly and consult with Xerox Service to minimize operational risks.

Full system and restore point backups are strongly recommended before patch installation to ensure quick recovery in case of software issues.

Ongoing Commitment to Security

Xerox’s quarterly patch cycle and rigorous testing underscore its commitment to providing secure, reliable printing environments for enterprise and production customers.

The company encourages all users of the FreeFlow Print Server v2 platform to apply the April 2025 security patch update promptly to maintain system integrity and compliance with the latest security standards.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates