How severe is CVE-2025-3518?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-3518?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-3518 - MEDIUM Severity | CVSS N/A

Vulnerability Description

It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the system nevertheless allows files to be uploaded through direct API requests. During the upload file, interception and allowed file type rules are still applied correctly. If file sharing is generally enabled, this issue is not of concern.

Related Vulnerabilities

CVE-2015-2692

CRITICAL

CVSS:10.0(Critical)

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.

CWE-2842015

CVE-2016-1038

CRITICAL

CVSS:10.0(Critical)

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers...

CWE-2842016

CVE-2016-1041

CRITICAL

CVSS:10.0(Critical)

CWE-2842016

CVE-2016-1044

CRITICAL

CVSS:10.0(Critical)

CWE-2842016

CVE-2016-8938

CRITICAL

CVSS:10.0(Critical)

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cus...

CWE-2842016

CVE-2017-7928

CRITICAL

CVSS:10.0(Critical)

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The de...

CWE-2842017