CVE-2025-55476: n/a
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort=. This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.
AI Analysis
Technical Summary
CVE-2025-55476 is a time-based blind SQL injection vulnerability identified in FireShare FileShare version 1.2.25. The vulnerability exists in the 'sort' parameter of the GET /api/videos/public endpoint. This parameter is used directly within a SQL ORDER BY clause without proper input sanitization or validation, allowing an attacker to inject arbitrary SQL subqueries. Time-based blind SQL injection is a technique where an attacker sends payloads that cause the database to delay its response based on the evaluation of injected conditions, enabling the attacker to infer data from the database even when direct output is not returned. Exploiting this vulnerability could allow an attacker to extract sensitive information from the backend database, manipulate query results, or potentially escalate to further attacks such as privilege escalation or data corruption. Although no known exploits are currently reported in the wild, the vulnerability is publicly disclosed and unpatched, increasing the risk of future exploitation. The lack of a CVSS score indicates that the vulnerability has not yet been fully assessed for severity, but the nature of SQL injection vulnerabilities typically represents a significant security risk.
Potential Impact
For European organizations using FireShare FileShare 1.2.25, this vulnerability poses a substantial risk to the confidentiality and integrity of their data. An attacker exploiting this flaw could extract sensitive information such as user credentials, internal documents, or proprietary data stored in the database. This could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and financial losses. Additionally, manipulation of database queries could disrupt service availability or corrupt data, impacting business operations. Given the endpoint is publicly accessible, the attack surface is broad, increasing the likelihood of exploitation attempts. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and government, are particularly vulnerable to the consequences of such data exposure or service disruption.
Mitigation Recommendations
European organizations should immediately audit their use of FireShare FileShare 1.2.25 and prioritize upgrading to a patched version once available. In the absence of an official patch, organizations should implement the following mitigations:
1) Apply strict input validation and sanitization on the 'sort' parameter, ensuring only expected values (e.g., predefined column names) are accepted.
2) Employ parameterized queries or prepared statements to prevent direct injection of user input into SQL commands.
3) Use Web Application Firewalls (WAFs) configured to detect and block SQL injection patterns, particularly time-based blind injection payloads.
4) Monitor application logs and database query logs for anomalous or suspicious activity related to the 'sort' parameter.
5) Restrict database user permissions to the minimum necessary to limit the impact of potential injection attacks.
6) Conduct regular security assessments and penetration tests focusing on injection vulnerabilities.
These targeted measures go beyond generic advice by focusing on the specific vulnerable parameter and the nature of the injection technique.
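An added example (not FireShare's own code) of mitigations 1 and 4: an ORDER BY column cannot be bound as a query parameter, so the sort value is mapped through an allowlist, and the same allowlist is reused to flag logged requests. The sort keys, table schema and log lines are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Assumed sort keys and columns; the application's real schema is not on the page.
SORT_COLUMNS = {"newest": "created_at DESC", "title": "title ASC", "views": "views DESC"}

def order_by_clause(sort_value):
    """Map a client sort key to a fixed ORDER BY fragment, or raise ValueError."""
    if sort_value is None:
        return SORT_COLUMNS["newest"]
    if sort_value not in SORT_COLUMNS:
        raise ValueError("unsupported sort key")  # caller answers HTTP 400
    return SORT_COLUMNS[sort_value]

def list_public_videos(conn, sort_value=None):
    # Only allowlisted text reaches the SQL string; data values still use placeholders.
    sql = "SELECT title FROM videos WHERE public = ? ORDER BY " + order_by_clause(sort_value)
    return [row[0] for row in conn.execute(sql, (1,))]

def suspicious_sort_requests(request_lines):
    """Return logged requests to the endpoint whose sort value is not allowlisted."""
    flagged = []
    for line in request_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        url = urlsplit(parts[1])
        values = parse_qs(url.query, keep_blank_values=True).get("sort", [])
        if url.path == "/api/videos/public" and any(v not in SORT_COLUMNS for v in values):
            flagged.append(line)
    return flagged

def demo_db():
    """Constructed in-memory table standing in for the video catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE videos (title TEXT, created_at TEXT, views INTEGER, public INTEGER)")
    conn.executemany("INSERT INTO videos VALUES (?, ?, ?, ?)", [
        ("beta", "2025-01-02", 9, 1), ("alpha", "2025-01-01", 3, 1), ("hidden", "2025-01-03", 50, 0)])
    return conn

# Constructed request-log lines; the last carries a value outside the allowlist.
SAMPLE_REQUESTS = [
    "GET /api/videos/public?sort=newest HTTP/1.1",
    "GET /api/videos/public?sort=views HTTP/1.1",
    "GET /api/videos/public?sort=%28unexpected%20expression%29 HTTP/1.1",
]
```

Rejecting unknown keys instead of silently falling back to a default gives the application log a clear signal for every out-of-allowlist value.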
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-13T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68b726bbad5a09ad00e6df2f
Added to database: 9/2/2025, 5:17:47 PM
Last enriched: 9/2/2025, 5:33:12 PM
Last updated: 9/2/2025, 8:02:48 PM