CVE-2025-15585

FileFlows 25.04.9 Authenticated SQL Injection

FileFlows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.

https://www.cve.org/CVERecord?id=CVE-2025-15585

FileFlows Vulnerabilities - SQL Injection by Decompiling .NET Code
Sometimes the good stuff isn’t on the surface. We turned to decompiling .NET code to find a hidden SQL injection flaw.