MySQL CVE-2025-15585
Description (NVD)
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.
Technical Context (AI)
Classified as CWE-89 (SQL Injection). Affects the library-file search component of Fileflows.
Affected Products (AI)
Product: Fileflows. Versions: before 25.05.2. Component: library-file search.
Remediation (AI)
Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation.