CVE-2025-3114
Spotfire Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
- Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise.
- Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.
SSVC
- Decision: Track*
Timeline
- 2025-04-02 CVE Reserved
- 2025-04-09 CVE Published
- 2025-04-15 CVE Updated
- 2025-04-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-693: Protection Mechanism Failure
References (1)
URL | Tag | Source |
---|---|---|
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Spotfire | Spotfire Enterprise Runtime For R | >= 1.4 <= 6.0 | en | Affected |
Spotfire | Spotfire Statistics Services | >= 0.6 <= 14.0 | en | Affected |
Spotfire | Spotfire Statistics Services | 14.1.0 | en | Affected |
Spotfire | Spotfire Statistics Services | 14.2.0 | en | Affected |
Spotfire | Spotfire Statistics Services | 14.3.0 | en | Affected |
Spotfire | Spotfire Statistics Services | 14.4.0 | en | Affected |
Spotfire | Spotfire Statistics Services | 14.4.1 | en | Affected |
Spotfire | Spotfire Analyst | >= 0.5 <= 14.0 | en | Affected |
Spotfire | Deployment Kit Used In Spotfire Server | >= 0.6 <= 14.0 | en | Affected |
Spotfire | Spotfire Desktop | >= 4.1 <= 14.0 | en | Affected |
Spotfire | Spotfire Enterprise Runtime For R - Server Edition | >= 1.0 <= 17.6 | en | Affected |