Authorization Flaw in Secure-upload Service from Apollo
CVE-2025-53709
What is CVE-2025-53709?
The Secure-upload service from Apollo is designed to validate single-use tokens for data submissions. However, under certain conditions, authenticated and privileged users can exploit the service by selecting email templates not intended for their enrollment. Additionally, these users may redirect submission channels to a dataset they control, compromising the integrity of the data submission process. Furthermore, unauthenticated users can exploit an endpoint to enumerate existing enrollments, revealing sensitive information. The affected service has been updated to version 0.815.0 to address these issues.

Affected Version(s)
com.palantir.secupload:secure-upload * < 0.815.0
