Security patch installer for security vulnerabilities
The security patch installer fixes several vulnerabilities in AccurioPro Flux.
24.11.2025: The patch has been updated to include a fix for an actively exploited vulnerability in 7-Zip (CVE-2025-11001).
The following vulnerabilities are addressed by the installer. Please note that it contains no other updates and no changes are made to the installed version of AccurioPro Flux. The installer can be used without a valid Software Maintenance Plan (SMP) and can be run again when patches for new vulnerabilities are added.
- FLX-8261 (November 2025)
A potential remote code execution vulnerability in 7-Zip (CVE-2025-11001)
Affected editions: AccurioPro Flux Essential, Premium, Ultimate
Affected versions: 8.0 until 10.2.2.78546
Affected components: Flux Server
7-Zip is used in the Backup and restore feature of AccurioPro Flux. The vulnerability in 7-Zip is known to be actively exploited, although we are not aware of any instance of AccurioPro Flux being targeted. It is strongly recommended for users to install this security patch or update to the latest version.
- FLX-8118 (November 2025)
A potential remote code execution vulnerability in ImageMagick (CVE-2025-57807)
Affected editions: AccurioPro Flux Essential, Premium, Ultimate
Affected versions: 8.0 until 10.2.2.78536
Affected components: Flux Server, Flux Web, Flux Workstation
To the best of our knowledge, this vulnerability has not been actively exploited.
- FLX-7425 (May 2025)
A remote code execution vulnerability in a third-party component used by AccurioPro Flux which can allow attackers to execute malicious code on the system running AccurioPro Flux.
Affected editions: AccurioPro Flux Essential, Premium, Ultimate
Affected versions: 8.4.0 until 10.2.0.77842
Affected components: Flux Server & Flux Web
This issue was discovered through internal penetration testing and, to the best of our knowledge, is not being actively exploited or known publicly.
- FLX-7411 (May 2025)
A denial-of-service vulnerability in AccurioPro Flux Web that can be used to cause a service outage by causing the Flux Web server to crash.
Affected editions: AccurioPro Flux Ultimate
Affected versions: 10.0.0 until 10.2.0.77842
Affected components: Flux Web
This issue was discovered internally and, to the best of our knowledge, is not being actively exploited or known publicly.
- FLX-6554 (September 2024)
'ImageTragick' vulnerability in ImageMagick. This vulnerability could allow the unauthorized execution of external code.
Affected editions: AccurioPro Flux Essential, Premium, Ultimate
Affected versions: 8.0 until 10.0.2
Affected components: Flux Server, Flux Web, Flux Workstation
To the best of our knowledge, this vulnerability has not been actively exploited. However, as this is a critical vulnerability, we recommend that affected installations be updated immediately.
To install the patch, simply unzip the ZIP file, run the provided EXE file and follow the on-screen instructions. Please refer to the included ReadMe for further information.
Important notes
- The patch installer can be used with AccurioPro Flux versions 8.0 through 10.2.2.78546. It will automatically fix the vulnerabilities contained in the respective version.
- Install the patch on all machines that run affected AccurioPro Flux components, for example Flux Server, Flux Web or Flux Workstation.
- If Flux Workstation is installed at a later date via the installer on the Flux Server download page, the patch installer must be run again afterwards.
- The patch installer can also be used with customized installations.
- The patch installer can be used without a valid software maintenance plan (SMP).
- The installer can be run again after it has been updated with patches for new vulnerabilities.