Unblu Spark Authorization Bypass Vulnerability Allowing File Replacement via UUID

Vulnerability

A vulnerability in Unblu Spark versions through 8.12.1 allows participants in a conversation to replace an existing uploaded file, provided they have access to the file's UUID. The replacement leaves the file name, the file details, and the identity of the original uploader unchanged. The issue is an authorization bypass: file upload functionality can be disabled for specific use cases, yet Unblu still processes file uploads through the API. During the upload, the application does correctly apply file type restrictions and interception rules.
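The following is a constructed model of the replace-by-UUID path described above, placed beside a hardened version that ties replacement to the per-use-case upload switch and to the original uploader. It is added here for illustration and is not Unblu Spark's code; every class, function and field name is an assumption.

```python
"""Constructed model of the file-replacement path described in the advisory;
not Unblu Spark's code. Every name and structure here is an assumption."""
from dataclasses import dataclass, field

@dataclass
class StoredFile:
    uuid: str
    name: str
    uploader: str      # identity of the original uploader; never rewritten
    content: bytes

@dataclass
class Conversation:
    participants: set            # identities of the conversation participants
    upload_enabled: bool         # per-use-case file upload switch
    files: dict = field(default_factory=dict)   # uuid -> StoredFile

def replace_file_vulnerable(conv, actor, uuid, content):
    """Behaviour the advisory describes: any participant who knows the UUID
    overwrites the content; name and uploader stay as they were, and the
    per-use-case upload switch is not consulted."""
    stored = conv.files[uuid]
    if actor not in conv.participants:
        raise PermissionError("not a participant")
    # File type restrictions and interception rules apply here in both
    # variants; they are not the missing check.
    stored.content = content
    return stored

def replace_file_hardened(conv, actor, uuid, content):
    """Same path with the missing authorization: upload must be enabled for
    this use case, and only the original uploader may replace the file."""
    stored = conv.files[uuid]
    if actor not in conv.participants:
        raise PermissionError("not a participant")
    if not conv.upload_enabled:
        raise PermissionError("file upload disabled for this use case")
    if actor != stored.uploader:
        raise PermissionError("only the original uploader may replace a file")
    # File type restrictions and interception rules still apply here.
    stored.content = content
    return stored

def make_demo():
    # Constructed sample: alice uploaded report.pdf; bob is another participant.
    conv = Conversation({"alice", "bob"}, True)
    conv.files["f-1"] = StoredFile("f-1", "report.pdf", "alice", b"original")
    return conv
```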

Impact

Exploitation of this vulnerability allows for unauthorized replacement of files in a conversation, potentially leading to misinformation or misuse of shared documents.

Remediation

Upgrading to Unblu Spark version 8.13.1 addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.