{"uuid": "1a7e3b5f-3e2d-4c3e-8dc4-b53b54ac0c74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3519", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12812", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3519\n\ud83d\udd25 CVSS Score: 7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N)\n\ud83d\udd39 Description: An authorization bypass\u00a0in\u00a0Unblu Spark allows a\u00a0participant of a conversation\u00a0to replace an existing, uploaded file.\n\nEvery uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID, it can be used to replace the file without changing the file name and details or the name of the user who uploaded the file. During the upload, file interception and allowed file type rules are still applied correctly.\n\ud83d\udccf Published: 2025-04-22T08:51:41.681Z\n\ud83d\udccf Modified: 2025-04-22T08:51:41.681Z\n\ud83d\udd17 References:\n1. https://www.unblu.com/en/docs/latest/security-bulletins/#UBL-2025-001", "creation_timestamp": "2025-04-22T09:04:15.000000Z"}