Authorization Bypass in Unblu Spark Affects File Integrity
CVE-2025-3519

7HIGH

Key Information:

Vendor: Unblu Inc.
Status: Unblu Spark
Vendor: CVE Published:; 22 April 2025

What is CVE-2025-3519?

An authorization bypass flaw in Unblu Spark permits a participant in a conversation to substitute an existing uploaded file without altering its filename or the identity of the original uploader. Each file is assigned a unique Universally Unique ID (UUID); if a participant gains access to this ID, they can utilize it to replace the file while still adhering to the file type restrictions and interception protocols during upload. This vulnerability raises significant concerns regarding file integrity and data management within affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Unblu Spark 8.0.0 <= 8.12.1

Unblu Spark 8.13.1

References

https://www.unblu.com/en/docs/latest/security-bulletins/#...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Apr 11, 2025

Credit

Andrei Dabrakou of Citadelo (andrei.dabrakou@citadelo.com)

JSON

Unblu Inc.

What is CVE-2025-3519?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.