Description

It is technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. If the functionality is disabled for at least one use case, the system nevertheless allows files to be uploaded through direct API requests. During the upload, file interception and allowed file type rules are still applied correctly. If file sharing is generally enabled, this issue is not of concern.

INFO

Published Date: 2025-04-22T08:49:56.073Z

Last Modified: 2025-04-24T14:59:31.675Z

Source: NCSC.ch

AFFECTED PRODUCTS

The following products are affected by CVE-2025-3518 vulnerability.

Vendor: Unblu

Product: Spark

CVSS Vulnerability Scoring System

[Chart: metrics shown are Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability]

[Chart: metrics shown are Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact]