PT-2025-17491 · Unblu · Unblu Spark
Andrei Dabrakou
·
Published
2025-04-22
·
Updated
2025-04-22
·
CVE-2025-3519
CVSS v4.0
7.0
High
| Vector | AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Unblu Spark versions 8.0.0 through 8.12.1
Unblu Spark version 8.13.1
Description
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). If a participant of this or another conversation gets access to such a file ID, it can be used to replace the file without changing the file name and details or the name of the user who uploaded the file. During the upload, file interception and allowed file type rules are still applied correctly.
Recommendations
For Unblu Spark versions 8.0.0 through 8.12.1, consider disabling file upload functionality until a patch is available.
For Unblu Spark version 8.13.1, consider restricting access to file upload functionality until a patch is available.
As a temporary workaround, consider implementing additional authorization checks for file uploads to prevent unauthorized file replacement.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unblu Spark