CVE-2025-3115

Summary

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Affected Software

VendorProductVersion RangeStatus
SpotfireSpotfire Statistics Services14 < 14.0.7affected
SpotfireSpotfire Statistics Services14.1.0affected
SpotfireSpotfire Statistics Services14.2.0affected
SpotfireSpotfire Statistics Services14.3.0affected
SpotfireSpotfire Statistics Services14.4.0affected
SpotfireSpotfire Statistics Services14.4.1affected
SpotfireSpotfire Analyst14.0 < 14.0.6affected
SpotfireSpotfire Analyst14.1.0affected
SpotfireSpotfire Analyst14.2.0affected
SpotfireSpotfire Analyst14.3.0affected
SpotfireSpotfire Analyst14.4.0affected
SpotfireSpotfire Analyst14.4.1affected
SpotfireDeployment Kit used in Spotfire Server14.0 < 14.0.7affected
SpotfireDeployment Kit used in Spotfire Server14.1.0affected
SpotfireDeployment Kit used in Spotfire Server14.2.0affected
SpotfireDeployment Kit used in Spotfire Server14.3.0affected
SpotfireDeployment Kit used in Spotfire Server14.4.0affected
SpotfireDeployment Kit used in Spotfire Server14.4.1affected
SpotfireSpotfire Desktop14.4 < 14.4.2affected
SpotfireSpotfire for AWS Marketplace14.4 < 14.4.2unknown
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.17 < 1.17.7affected
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.18.0affected
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.19.0affected
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.20.0affected
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.21.0affected
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.21.1affected
SpotfireSpotfire Service for Python1.17 < 1.17.7affected
SpotfireSpotfire Service for Python1.18.0 <= 1.21.1affected
SpotfireSpotfire Service for R1.17 < 1.17.7affected
SpotfireSpotfire Service for R1.18.0 <= 1.21.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References