CVE-2025-3115

Spotfire Data Function Vulnerability

Description

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

References

Link	Tags
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-3115?: CVE-2025-3115 has been scored as a critical severity vulnerability.
How to fix CVE-2025-3115?: To fix CVE-2025-3115, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-3115 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-3115 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-3115?: CVE-2025-3115 affects Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Deployment Kit used in Spotfire Server, Spotfire Spotfire Desktop, Spotfire Spotfire for AWS Marketplace, Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Service for Python, Spotfire Spotfire Service for R.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions