CVE-2025-3115
Spotfire Data Function Vulnerability
- Severity Score: 9.4 (CVSS v4)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track* (SSVC)
Descriptions
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.
Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.
*Credits:
N/A
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2025-04-02 CVE Reserved
- 2025-04-09 CVE Published
- 2025-04-09 CVE Updated
- 2025-04-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (1)
URL | Tag | Source |
---|---|---|
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Spotfire | Spotfire Statistics Services | >= 14.0.0 < 14.0.7 | en | Affected |
Spotfire | Spotfire Analyst | >= 14.0.0 < 14.0.6 | en | Affected |
Spotfire | Deployment Kit Used In Spotfire Server | >= 14.0.0 < 14.0.7 | en | Affected |
Spotfire | Spotfire Desktop | >= 14.4.0 < 14.4.2 | en | Affected |
Spotfire | Spotfire Enterprise Runtime For R - Server Edition | >= 1.17.0 < 1.17.7 | en | Affected |
Spotfire | Spotfire Service For Python | >= 1.17.0 < 1.17.7 | en | Affected |
Spotfire | Spotfire Service For Python | >= 1.18.0 <= 1.21.1 | en | Affected |
Spotfire | Spotfire Service For R | >= 1.17.0 < 1.17.7 | en | Affected |
Spotfire | Spotfire Service For R | >= 1.18.0 <= 1.21.1 | en | Affected |