CVE-2025-55476

6.5 MEDIUM

📋 TL;DR

FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the public videos API endpoint. Attackers can inject arbitrary SQL subqueries to potentially extract sensitive database information. All instances running vulnerable versions are affected.

💻 Affected Systems

Products:
  • FireShare FileShare
Versions: 1.2.25 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the public API endpoint which is typically exposed

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full database compromise including extraction of user credentials, personal data, and potential lateral movement to other systems

🟠 Likely Case

Extraction of sensitive application data such as user information, file metadata, or configuration details

🟢 If Mitigated

Limited information disclosure through timing-based enumeration of database structure

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Time-based blind SQL injection requires specialized tools and knowledge

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.26

Vendor Advisory: https://github.com/ShaneIsrael/fireshare/releases/tag/v1.2.26

Restart Required: No

Instructions:

1. Back up your current installation.
2. Download version 1.2.26 from GitHub releases.
3. Replace the vulnerable files with the patched version.
4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to reject suspicious sort parameter values

Implement allowlist validation for sort parameter values

WAF Rule

all

Deploy web application firewall rules to block SQL injection patterns

Configure WAF to block requests containing SQL keywords in sort parameter
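The allowlist workaround above, as an added illustration that is not fireshare's own code: the user-supplied sort value is only ever used as a lookup key into a fixed map of developer-written ORDER BY clauses, so no part of the request string reaches the SQL text. The allowlist keys, the videos table columns and the in-memory SQLite sample data are assumptions made for the example.

```python
import sqlite3

# Assumed allowlist: each accepted ?sort= value maps to a fixed ORDER BY clause.
# The request string is a dictionary key only; it is never interpolated into SQL.
SORT_ALLOWLIST = {
    "updated_at desc": "updated_at DESC",
    "updated_at asc": "updated_at ASC",
    "title asc": "title COLLATE NOCASE ASC",
    "title desc": "title COLLATE NOCASE DESC",
    "views desc": "views DESC",
}
DEFAULT_SORT = "updated_at desc"


class InvalidSortParameter(ValueError):
    """Raised for any sort value outside the allowlist (the handler maps it to HTTP 400)."""


def resolve_sort(sort):
    """Return the fixed ORDER BY clause for a user-supplied sort value.

    Unknown values are rejected outright; the code never tries to strip or
    escape SQL from the input, because ORDER BY cannot be parameterised.
    """
    if sort is None:
        return SORT_ALLOWLIST[DEFAULT_SORT]
    key = " ".join(sort.strip().lower().split())  # normalise case and whitespace
    if key not in SORT_ALLOWLIST:
        raise InvalidSortParameter(f"unsupported sort value: {sort!r}")
    return SORT_ALLOWLIST[key]


def is_valid_sort(sort):
    """Convenience check: True if resolve_sort() would accept the value."""
    try:
        resolve_sort(sort)
        return True
    except InvalidSortParameter:
        return False


def list_public_videos(conn, sort=None):
    """Hardened listing: ORDER BY text comes only from resolve_sort(); filters are bound."""
    order_by = resolve_sort(sort)
    sql = f"SELECT id FROM videos WHERE private = ? ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql, (0,)).fetchall()]


def sample_db():
    """Constructed in-memory table standing in for the application's videos table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE videos (id INTEGER, title TEXT, views INTEGER, private INTEGER, updated_at TEXT)")
    conn.executemany("INSERT INTO videos VALUES (?, ?, ?, ?, ?)", [
        (1, "beta", 10, 0, "2025-01-02"),
        (2, "Alpha", 30, 0, "2025-01-03"),
        (3, "gamma", 20, 1, "2025-01-04"),  # private: must never be listed
        (4, "delta", 50, 0, "2025-01-01"),
    ])
    return conn
```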

🧯 If You Can't Patch

  • Restrict access to the /api/videos/public endpoint using network controls
  • Implement rate limiting to make time-based attacks impractical

🔍 How to Verify

Check if Vulnerable:

Test the endpoint with payload: /api/videos/public?sort=(SELECT+1+FROM+dual+WHERE+SLEEP(5))

Check Version:

Check the application version in admin panel or configuration files

Verify Fix Applied:

Test the same payload after patching; the request should return immediately, without the delay.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL keywords in GET parameters
  • Multiple requests with varying sort parameters causing delays

Network Indicators:

  • Repeated requests to /api/videos/public with SQL-like patterns in parameters

SIEM Query:

source="web_logs" AND uri_path="/api/videos/public" AND (query_string="*sort=*SELECT*" OR query_string="*sort=*SLEEP*")
