Xerox has rolled out its April 2025 security update for the FreeFlow Print Server v2 (Windows 10), fixing over 40 critical vulnerabilities and strengthening encryption for safer file transfers.
The update, covered in Security Bulletin XRX25-009, applies to production printers like the iGen5, Baltoro HF, and Brenva HD.
It patches major flaws in components like OpenJDK, Apache HTTP Server, and OpenSSL, including:
- CVE-2025-21191 (Java privilege escalation)
- CVE-2025-27732 (remote code execution via HTTP)
- CVE-2024-9143 (OpenSSL decryption issue)
Key software upgrades include OpenJDK 8u452, Apache HTTP 2.4.63, OpenSSL 3.4.0 (FIPS-compliant), and Firefox 137.0.2.
Xerox warns that unpatched systems are at risk from outdated encryption and unsafe network inputs. This update is especially important for high-volume print environments relying on stable and secure RIP processing.
SFTP Encryption Improvements
The update now requires SHA-2 hashing and AES-512 encryption for SFTP, removing support for older, weaker algorithms.
Users of apps like Xear Flex must update to the latest version and set the security profile to “High” to stay connected.
This change follows NIST’s 2025 guidelines, which phase out SHA-1 and AES-128 in favor of stronger, future-proof encryption.
The update also adds better access controls for USB devices. While the “High” profile no longer blocks physical media, it still helps prevent data leaks.
Enterprises using iGen5 and Brenva HD presses may need to adjust workflows and SFTP settings—especially when using third-party MIS tools.
Xerox recommends three ways to install the latest FreeFlow Print Server v2 update:
- USB/DVD Media: Best for isolated (air-gapped) systems. Requires manual transfer of the 2.2 GB update.
- FreeFlow Update Manager: Easiest for networked systems. Offers pre-tested, automated deployment.
- Windows Update: Not advised. Microsoft patches may conflict with FreeFlow’s custom setup.
Before updating, Xerox strongly recommends creating a full system backup and a Windows Restore Point.
For Brenva HD Press users with in-line spectrophotometers, check and revalidate color profiles after the update, as OpenSSL changes may affect PDF/X-6 output.
The update improves security but may disrupt older workflows.
Print shops using JDF-based imposition templates should test thoroughly—updates to Apache Tomcat may affect how job tickets are processed.
While the patch significantly improves protection, success depends on careful rollout tailored to each press and workflow.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
![Nifty[.]com Infrastructure Exploited in Phishing Attack](https://firsthackersnews.com/wp-content/uploads/2023/10/Phishing-Attacks_-Recognize-and-Avoid-Email-Phishing-1-500x383.jpg)
Leave A Comment