PT-2026-20557 · Fileflows · Fileflows
Published
2026-02-18
·
Updated
2026-02-24
·
CVE-2025-15585
CVSS v4.0
7.6
High
| Vector | AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Fileflows versions prior to 25.05.2
Description
Fileflows is affected by an authenticated SQL injection issue in the library-file search function. Exploitation of this issue requires the system to utilize MySQL as the underlying database. Successful exploitation could lead to privilege escalation or data exfiltration.
Recommendations
Update Fileflows to version 25.05.2 or later.
Fix
LPE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fileflows