QwikSec

Security Database

CVE

CWE

Training

CVE-2025-15585

Published: Feb 18, 2026

Modified: Feb 19, 2026

PUBLISHED

Description

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.

Vendor	Product	Versions
fileflows	fileflows	affected `0 - < 25.05.2`

Weaknesses (CWE)

References

https://fileflows.com/docs/versions#version-2505

https://projectblack.io/blog/fileflows-sql-injection-by-decompiling-net-code/#exploitation

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2025-15585 - Security Vulnerability | QwikSec