PT-2025-17491 · Unblu · Unblu Spark
Andrei Dabrakou
·
Publicado
2025-04-22
·
Atualizado
2025-04-22
·
CVE-2025-3519
CVSS v4.0
7.0
Alta
| Vetor | AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Unblu Spark versions 8.0.0 through 8.12.1
Unblu Spark version 8.13.1
Description
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). If a participant of this or another conversation gets access to such a file ID, it can be used to replace the file without changing the file name and details or the name of the user who uploaded the file. During the upload, file interception and allowed file type rules are still applied correctly.
Recommendations
For Unblu Spark versions 8.0.0 through 8.12.1, consider disabling file upload functionality until a patch is available.
For Unblu Spark version 8.13.1, consider restricting access to file upload functionality until a patch is available.
As a temporary workaround, consider implementing additional authorization checks for file uploads to prevent unauthorized file replacement.
Correção
IDOR
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Unblu Spark