PT-2025-17490 · Unblu · Unblu Spark

Andrei Dabrakou · Published 2025-04-22 · Updated 2025-06-23 · CVE-2025-3518

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

The product name cannot be determined.

Description

A user can upload a file to a conversation even if the file upload functionality is disabled. The system allows file uploads through direct API requests, despite the functionality being disabled for at least one use case. However, file interception and allowed file type rules are still applied correctly. This issue is not a concern if file sharing is generally enabled.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Unrestricted File Upload

Related Identifiers

BDU:2026-00061
CVE-2025-3518

Affected Products

Unblu Spark
Spark