CVE-2025-15585

Vulnerability Description

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.

Related Weaknesses (CWE)

CWE-89

References

https://fileflows.com/docs/versions#version-2505
https://projectblack.io/blog/fileflows-sql-injection-by-decompiling-net-code/#ex

FAQ

What is CVE-2025-15585?

CVE-2025-15585 is a documented vulnerability. Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the unde...

How severe is CVE-2025-15585?

CVSS scoring is not yet available for CVE-2025-15585. Check NVD for updates.

Is there a patch for CVE-2025-15585?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.