Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.7
Fileflows Before 25.05.2: Data Theft or Escalation via Search Function
CVE-2025-15585
Summary
Fileflows versions before 25.05.2 have a security flaw in their search function that can be exploited by authorized users to access sensitive data or gain more privileges when using MySQL. This means that attackers can find and steal valuable information or take control of the system. To protect your data, update to version 25.05.2 or later as soon as possible.
Original title
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the u...
Original description
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.
nvd CVSS4.0
6.7
Vulnerability type
CWE-89
SQL Injection
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026