Authorization Bypass in Unblu Spark Affects File Integrity
CVE-2025-3519

7HIGH

Key Information:

Vendor: Unblu Inc.
Status: Unblu Spark
Vendor: CVE Published:; 22 April 2025

What is CVE-2025-3519?

An authorization bypass flaw in Unblu Spark permits a participant in a conversation to substitute an existing uploaded file without altering its filename or the identity of the original uploader. Each file is assigned a unique Universally Unique ID (UUID); if a participant gains access to this ID, they can utilize it to replace the file while still adhering to the file type restrictions and interception protocols during upload. This vulnerability raises significant concerns regarding file integrity and data management within affected systems.

Affected Version(s)

Unblu Spark 8.0.0 <= 8.12.1

Unblu Spark 8.13.1

References

https://www.unblu.com/en/docs/latest/security-bulletins/#...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Apr 11, 2025

Credit

Andrei Dabrakou of Citadelo ([email protected])

Unblu Inc.

What is CVE-2025-3519?

Affected Version(s)

References

CVSS V4

Timeline

Credit