Unblu Spark File Upload Vulnerability Bypasses Disabled Functionality
Vulnerability
A vulnerability exists in Unblu Spark versions 8.12.1 and earlier, and in the 7.x line up to and including 7.53.4, that allows users to upload files to a conversation even when the file upload feature has been disabled. The disabled setting is not enforced for uploads submitted through direct API requests: the server still accepts them, although file interception and file type rules are applied to the uploaded files as usual. The issue is only relevant where file upload is disabled; deployments that allow file sharing anyway have nothing to bypass.
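The bug pattern described above, as an added illustration that is not Unblu's code: a minimal conversation upload handler in which the "file upload disabled" setting is honoured only by the client, beside a handler that enforces the same setting on the server before anything else runs. Every name here (Conversation, UploadRejected, handle_upload_vulnerable, handle_upload_fixed, submit_via_api) and the allowed content-type set are hypothetical.

```python
# Added example, not Unblu's code. All names and the allowed-type set are constructed.
from dataclasses import dataclass, field

# Constructed file-type rule set, standing in for the product's file type rules.
ALLOWED_CONTENT_TYPES = {"image/png", "image/jpeg", "application/pdf"}


@dataclass
class Conversation:
    conv_id: str
    file_upload_enabled: bool          # the setting the vulnerable path fails to enforce
    files: list = field(default_factory=list)


class UploadRejected(Exception):
    """Raised when the server refuses an upload."""


def apply_file_type_rules(content_type: str) -> None:
    # Both handlers run this: the advisory says file type rules were still applied,
    # so the bypass concerns only the on/off switch, not the type filter.
    if content_type not in ALLOWED_CONTENT_TYPES:
        raise UploadRejected(f"content type {content_type!r} is not allowed")


def handle_upload_vulnerable(conv: Conversation, filename: str, content_type: str) -> str:
    # Bug pattern: the disabled setting is only consulted by the client (which hides
    # the upload control), so a direct API request reaches this code and is accepted
    # as long as the file type rules pass.
    apply_file_type_rules(content_type)
    conv.files.append(filename)
    return filename


def handle_upload_fixed(conv: Conversation, filename: str, content_type: str) -> str:
    # Fix: check the setting on the server, before any other processing, so the API
    # path cannot be used to bypass it.
    if not conv.file_upload_enabled:
        raise UploadRejected("file upload is disabled for this conversation")
    apply_file_type_rules(content_type)
    conv.files.append(filename)
    return filename


def submit_via_api(handler, conv: Conversation, filename: str, content_type: str) -> tuple[bool, str]:
    """Simulate a crafted direct API request that skips the UI; return (accepted, detail)."""
    try:
        return True, handler(conv, filename, content_type)
    except UploadRejected as exc:
        return False, str(exc)


def run_scenarios() -> dict:
    """Send the same allowed-type upload to a conversation with uploads disabled, via both handlers."""
    results = {}
    for name, handler in (("vulnerable", handle_upload_vulnerable), ("fixed", handle_upload_fixed)):
        conv = Conversation("conv-1", file_upload_enabled=False)
        accepted, _ = submit_via_api(handler, conv, "report.pdf", "application/pdf")
        results[name] = {"accepted": accepted, "stored": list(conv.files)}
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:10s} handler, uploads disabled, direct API upload accepted: {outcome['accepted']}")
```

The check that matters is the first line of the fixed handler: a feature that is switched off must be refused by the server for every request path, not merely hidden in the user interface, because anyone who can authenticate can send the request without the UI.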
Impact
Exploitation allows users to place files into conversations in which uploads were meant to be blocked, potentially distributing malicious files or introducing unwanted content into those conversations.
Remediation
Upgrade to Unblu Spark version 8.13.1, or to version 7.54.1 for the 7.x line, to address this vulnerability.
