CVE-2025-3114

Spotfire Code Execution Vulnerability

Description

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.

References

Link	Tags
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/

Frequently Asked Questions

What is the severity of CVE-2025-3114?: CVE-2025-3114 has been scored as a critical severity vulnerability.
How to fix CVE-2025-3114?: To fix CVE-2025-3114, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-3114 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-3114 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-3114?: CVE-2025-3114 affects Spotfire Spotfire Enterprise Runtime for R, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Deployment Kit used in Spotfire Server, Spotfire Spotfire Desktop, Spotfire Spotfire for AWS Marketplace, Spotfire Spotfire Enterprise Runtime for R - Server Edition.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions