CVE-2025-3519

Published: Apr 22, 2025

Modified: Apr 22, 2025

PUBLISHED

Description

An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID, it can be used to replace the file without changing the file name and details or the name of the user who uploaded the file. During the upload, file interception and allowed file type rules are still applied correctly.

Vendor	Product	Versions
Unblu inc.	Unblu Spark	unaffected `8.13.1` affected `8.0.0 - <= 8.12.1`

Weaknesses (CWE)

CWE-639

References

https://www.unblu.com/en/docs/latest/security-bulletins/#UBL-2025-001

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-3519

Description

Affected Products

Weaknesses (CWE)

References