{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:03:35.248","vulnerabilities":[{"cve":{"id":"CVE-2025-15585","sourceIdentifier":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","published":"2026-02-19T00:16:21.053","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration."},{"lang":"es","value":"Las versiones de Fileflows anteriores a la 25.05.2 están afectadas por una vulnerabilidad de inyección SQL autenticada en la función de búsqueda de archivos de la biblioteca. La explotación exitosa requiere que el sistema utilice MySQL como base de datos subyacente y podría resultar en escalada de privilegios o exfiltración de datos."}],"metrics":{"cvssMetricV40":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://fileflows.com/docs/versions#version-2505","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"},{"url":"https://projectblack.io/blog/fileflows-sql-injection-by-decompiling-net-code/#exploitation","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"}]}}]}